F5 Networks BIG-IP : OpenSSL vulnerability (K23512141)

Medium Nessus Plugin ID 94449

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. (CVE-2016-2179)

Impact

An attacker can send a fragmented, incomplete message followed by a 'retransmission' message. In this case, the system accepts the retransmission message but the queue retains the original fragments, which consumes system resources. By repeating this process many times, the attacker can cause resource exhaustion.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K23512141.

See Also

https://support.f5.com/csp/article/K23512141

Plugin Details

Severity: Medium

ID: 94449

File Name: f5_bigip_SOL23512141.nasl

Version: 2.9

Type: local

Published: 2016/11/01

Updated: 2019/07/17

Dependencies: 76940

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/10/31

Vulnerability Publication Date: 2016/09/16

Reference Information

CVE: CVE-2016-2179