7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
86.0%
The libcurl API function called curl_maprintf()
before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t
multiplication, on systems using 32 bit size_t
variables.
(CVE-2016-8618)
Impact
A custom monitor or script that calls the curl command may allow unauthorized disclosure of information,unauthorized modification, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information,unauthorized modification, and disruption of service.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K10196624.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(105436);
script_version("3.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/27");
script_cve_id("CVE-2016-8618");
script_name(english:"F5 Networks BIG-IP : libcurl vulnerability (K10196624)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"The libcurl API function called `curl_maprintf()` before version
7.51.0 can be tricked into doing a double-free due to an unsafe
`size_t` multiplication, on systems using 32 bit `size_t` variables.
(CVE-2016-8618)
Impact
A custom monitor or script that calls the curl command may allow
unauthorized disclosure of information,unauthorized modification, and
disruption of service. The big3d process, which includes the libcurl
library, may allow unauthorized disclosure of information,unauthorized
modification, and disruption of service."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K10196624"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K10196624."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/31");
script_set_attribute(attribute:"patch_publication_date", value:"2017/04/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/26");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "K10196624";
vmatrix = make_array();
if (report_paranoia < 2) audit(AUDIT_PARANOID);
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5");
vmatrix["AFM"]["unaffected"] = make_list("13.1.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5");
vmatrix["AM"]["unaffected"] = make_list("13.1.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5","11.2.1");
vmatrix["APM"]["unaffected"] = make_list("13.1.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5","11.2.1");
vmatrix["ASM"]["unaffected"] = make_list("13.1.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5","11.2.1");
vmatrix["AVR"]["unaffected"] = make_list("13.1.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5","11.2.1");
vmatrix["LC"]["unaffected"] = make_list("13.1.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5","11.2.1");
vmatrix["LTM"]["unaffected"] = make_list("13.1.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("13.0.0-13.0.1","12.0.0-12.1.5","11.4.0-11.6.5");
vmatrix["PEM"]["unaffected"] = make_list("13.1.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_webaccelerator | cpe:/a:f5:big-ip_webaccelerator | |
f5 | big-ip_access_policy_manager | cpe:/a:f5:big-ip_access_policy_manager | |
f5 | big-ip_advanced_firewall_manager | cpe:/a:f5:big-ip_advanced_firewall_manager | |
f5 | big-ip_application_acceleration_manager | cpe:/a:f5:big-ip_application_acceleration_manager | |
f5 | big-ip_application_security_manager | cpe:/a:f5:big-ip_application_security_manager | |
f5 | big-ip_application_visibility_and_reporting | cpe:/a:f5:big-ip_application_visibility_and_reporting | |
f5 | big-ip_global_traffic_manager | cpe:/a:f5:big-ip_global_traffic_manager | |
f5 | big-ip_link_controller | cpe:/a:f5:big-ip_link_controller | |
f5 | big-ip_local_traffic_manager | cpe:/a:f5:big-ip_local_traffic_manager | |
f5 | big-ip_policy_enforcement_manager | cpe:/a:f5:big-ip_policy_enforcement_manager |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.013 Low
EPSS
Percentile
86.0%