Vigil@nce - F5 BIG-IP: buffer overflow of MCPQ
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, authenticated as an administrator, can generate a
buffer overflow in MCPQ of F5 BIG-IP, in order to trigger a denial
of service, and possibly to execute code.
Impacted products: BIG-IP Appliance
Severity: 2/4
Creation date: 05/03/2015
DESCRIPTION OF THE VULNERABILITY
The F5 BIG-IP product offers a web service, which uses the MCPQ
daemon. However, if the size of the data is greater than the size
of the storage array, an overflow occurs in MCPQ. Technical details
are unknown.
An attacker, authenticated as an administrator, can therefore
generate a buffer overflow in MCPQ of F5 BIG-IP, in order to
trigger a denial of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/F5-BIG-IP-buffer-overflow-of-MCPQ-16322