• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Oceansalt APT Group targets Finance, Education, Telecommunications and Agricultural sectors
February 22, 2019
Rewterz Threat Advisory – CVE-2019-7815 – Adobe Reader / Acrobat Information Disclosure Vulnerability
February 22, 2019

Rewterz Threat Advisory – CVE-2016-8618 – F5 Multiple BIG-IP Products libcurl Vulnerability

February 22, 2019

Severity

Medium

Analysis Summary

A vulnerability in multiple F5 BIG-IP products can be exploited by malicious people to compromise a vulnerable system.

The libcurl API function called curl_maprintf() before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32 bit size_t variables.

A custom monitor or script that calls the curl command may allow unauthorized disclosure of information, unauthorized modification, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information, unauthorized modification, and disruption of service.

Impact


System Access
Information Disclosure

Affected Products

  • BIG-IP LTM versions 13.0.0 through 13.0.1
  • 12.0.0 through 12.1.4
  • 11.4.0 through 11.6.3
  • and 11.2.1
  • BIG-IP AAM versions 12.0.0 through 12.1.4 and 11.4.0 through 11.6.3
  • BIG-IP AFM versions 13.0.0 through 13.0.1 and 11.4.0 through 11.6.3
  • BIG-IP Analytics versions 12.0.0 through 12.1.4
  • BIG-IP APM versions 13.0.0 through 13.0.1
  • BIG-IP ASM versions 13.0.0 through 13.0.1
  • BIG-IP DNS versions 12.0.0 through 12.1.4
  • BIG-IP Edge Gateway version 11.2.1
  • BIG-IP GTM versions 11.4.0 through 11.6.3 and 11.2.1
  • BIG-IP Link Controller versions 12.0.0 through 12.1.4
  • BIG-IP PEM versions 12.0.0 through 12.1.4 and 11.4.0 through 11.6.3
  • BIG-IP PSM versions 11.4.0 through 11.4.1
  • BIG-IP WebAccelerator version 11.2.1
  • BIG-IP WebSafe versions 12.0.0 through 12.1.4 and 11.6.0 through 11.6.3

Remediation


Update or upgrade to a fixed version if available.
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe: Update or upgrade to version 13.1.0.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.