Denial of Service Vulnerability in F5 BIG-IP Products
CVE-2013-6016

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Global Traffic Manager
Vendor: CVE Published:; 26 October 2013

Summary

The Traffic Management Microkernel (TMM) in specific versions of F5 BIG-IP products is susceptible to a denial of service attack. This vulnerability arises when a TCP connection is incorrectly switched to an ESTABLISHED state prior to the reception of the ACK packet. Exploitation of this flaw enables remote attackers to trigger a denial of service that results in the SIGFPE or assertion failure and subsequent restart of the TMM. Affected products include several versions of BIG-IP LTM, APM, ASM, and other related services that may be utilized for traffic management.

References

http://support.f5.com/kb/en-us/solutions/public/13000/200...

x_refsource_CONFIRM

http://secunia.com/advisories/55378

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1029220

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Oct 26, 2013
Vulnerability Reserved
Oct 4, 2013