Vulnerabilities > CVE-2019-6681 - Missing Release of Resource after Effective Lifetime vulnerability in F5 Big-Ip Local Traffic Manager

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
low complexity
f5
CWE-772
nessus
NVD
Published: 2019-12-23
Updated: 2021-07-21

Summary

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.

Vulnerable Configurations

Part Description Count
Application
F5
75

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

NASL familyF5 Networks Local Security Checks
NASL idF5_BIGIP_SOL93417064.NASL
descriptionMemory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. (CVE-2019-6681) Impact A BIG-IP system licensed with the ZebOS dynamic routing and multicast routing bundle, configured with (static or dynamic) multicast routes that use the Multicast Forwarding Cache (MFC), may experience a memory leak in the tmrouted process, exhaust system resources, restart, and cause a disruption of service. MFC is used for forwarding packets matching multicast routes and is used by static and dynamic multicast routing protocols. Note : ZebOS dynamic routing and multicast routing bundle licenses are required. Vulnerable configurations consist of static multicast routes or dynamic multicast routing protocols configured, such as Protocol Independent Multicasting (PIM). For more information about PIM multicast routing configurations, refer to the BIG-IP Advanced Routing Multicast Configuration Guide . For information about multicast static route creation, refer to the ip mroute command section in the BIG-IPAdvanced Routing Network Services Manager Command Line Interface Reference Guide . Note : For information about how to locate F5 product manuals, refer to K98133564: Tips for searching AskF5 and finding product documentation.
last seen2020-03-17
modified2019-12-31
plugin id132580
published2019-12-31
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/132580
titleF5 Networks BIG-IP : MFC vulnerability (K93417064)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K93417064.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(132580);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

  script_cve_id("CVE-2019-6681");

  script_name(english:"F5 Networks BIG-IP : MFC vulnerability (K93417064)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted.
(CVE-2019-6681)

Impact

A BIG-IP system licensed with the ZebOS dynamic routing and multicast
routing bundle, configured with (static or dynamic) multicast routes
that use the Multicast Forwarding Cache (MFC), may experience a memory
leak in the tmrouted process, exhaust system resources, restart, and
cause a disruption of service. MFC is used for forwarding packets
matching multicast routes and is used by static and dynamic multicast
routing protocols.

Note : ZebOS dynamic routing and multicast routing bundle licenses are
required.

Vulnerable configurations consist of static multicast routes or
dynamic multicast routing protocols configured, such as Protocol
Independent Multicasting (PIM).

For more information about PIM multicast routing configurations, refer
to the BIG-IP Advanced Routing Multicast Configuration Guide .

For information about multicast static route creation, refer to the ip
mroute command section in the BIG-IPAdvanced Routing Network Services
Manager Command Line Interface Reference Guide .

Note : For information about how to locate F5 product manuals, refer
to K98133564: Tips for searching AskF5 and finding product
documentation."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K93417064"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K98133564"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution K93417064."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6681");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

  exit(0);
}


include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K93417064";
vmatrix = make_array();

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected"  ] = make_list("15.0.0-15.0.1","14.1.0-14.1.2","14.0.0-14.0.1","13.1.0-13.1.3","12.1.0-12.1.5");
vmatrix["LTM"]["unaffected"] = make_list("15.1.0","14.1.2.1","14.0.1.1","13.1.3.2","12.1.5.1");


if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running the affected module LTM");
}

References