F5 BIG-IP GNU Bash Vulnerabilities (K15629) Advisory: CVE-2014-6271/7169/7186/7187/6278 Patch Guide

Vulnerability Key Information Vulnerability ID K15629: Multiple GNU Bash vulnerabilities Release and Update Dates Release Date: May 22, 2015 Update Date: Feb 22, 2023 Vulnerability Description CVE-2014-6271 Impact: GNU Bash, through version 4.3, processes trailing strings in environment variable values after function definitions, allowing remote attackers to execute arbitrary code via crafted environment variables. Affected Products and Versions: Multiple BIG-IP products across various versions are affected; see table for details. CVE-2014-7169 Impact: Remote attackers can write files or cause unspecified effects via crafted environment variable values. Affected Products and Versions: Multiple BIG-IP products across various versions are affected; see table for details. CVE-2014-7186 Impact: Remote attackers may cause denial of service (array out-of-bounds access and application crash) or unspecified other impacts via crafted document usage, known as the "redir_stack" issue. Affected Products and Versions: Multiple BIG-IP products across various versions are affected; see table for details. CVE-2014-7187 Impact: Remote attackers may cause denial of service (array out-of-bounds access and application crash) or unspecified other impacts via deeply nested loops, known as the "word_lineno" issue. Affected Products and Versions: Multiple BIG-IP products across various versions are affected; see table for details. CVE-2014-6278 Impact: Remote attackers may execute arbitrary commands or cause denial of service by upgrading bash. Affected Products and Versions: Multiple BIG-IP products across various versions are affected; see table for details. Impact These vulnerabilities may allow authenticated users to obtain sensitive information, manipulate certain data, or execute code remotely. Mitigation Recommendations If your current version is listed in the "Not Vulnerable Version" column, upgrade to the specified version to remediate the vulnerability. Access to F5 products should be restricted to secure networks, and login access should be limited to trusted users only. For DHCP client vulnerabilities, disable DHCP and use static IP addresses for management interfaces.

Goal Reached Thanks to every supporter — we hit 100%!

F5 BIG-IP GNU Bash Vulnerabilities (K15629) Advisory: CVE-2014-6271/7169/7186/7187/6278 Patch Guide