This issue has been fixed in all releases after BIG-IQ 4.1, including 4.2 and 4.3. Please see F5's technical solution at
http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html

BIG-IQ 4.1 was in limited release and customers had already been asked to upgrade. No versions of BIG-IP are vulnerable.
Please use security-report...@f5.com for any further reports. This email address can be found by searching for "security" at http://ask.f5.com.

http://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html

Thanks.

On Thu, May 1, 2014 at 5:10 PM, Brandon Perry <bperry.volatile () gmail com> wrote:

>Hi,
>
>Detailed at this blog post (with pics!) is a vulnerability within F5 BIG-IQ
>4.1.0.2013.0.
>
>http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html
>
>A module for this will be uploaded to ExploitHub this evening that will
>change the root user's password and log in over SSH.
>
>Tune in next week for even more F5 fun!
>
>--
>http://volatile-minds.blogspot.com <http://volatile-minds.blogspot.com/> -- blog
>http://www.volatileminds.net <http://www.volatileminds.net/> -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/