F5 Networks BIG-IP : TMM vulnerability (K82851041)

medium Nessus Plugin ID 100006

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. (CVE-2017-6137)

Impact

When software syncookie protection is activated for a virtual server (the connection.syncookies.threshold database value has been exceeded), the unit also has Traffic Management Microkernel (TMM) fast forward enabled (the tmm.ffwd.enable database value is true, the default), and TCP Segmentation Offload (TSO) is enabled (the tm.tcpsegmentationoffload database value is true, the default), a specific sequence of packets causes TMM to generate an egress packet with an invalid MSS. As a result, packets egressing the BIG-IP system with an invalid MSS may be dropped by a neighboring device.
Additionally, on the 3900, 6900, 8900, 8950, 11000, and 11050 platforms this may cause the high-speed bridge (HSB) to lock up.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K82851041.

See Also

https://support.f5.com/csp/article/K82851041

Plugin Details

Severity: Medium

ID: 100006

File Name: f5_bigip_SOL82851041.nasl

Version: 3.8

Type: local

Published: 5/8/2017

Updated: 5/9/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/h:f5:big-ip

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/5/2017

Vulnerability Publication Date: 5/9/2017

Reference Information

CVE: CVE-2017-6137