CVE-2017-6153 : Security Advisory and Response

F5 Networks, Inc. BIG-IP systems are vulnerable to a "Zip Bomb" attack due to issues in the inflate functionality.

Understanding CVE-2017-6153

This CVE involves a vulnerability in F5 BIG-IP systems that can lead to service disruption through a specific type of attack.

What is CVE-2017-6153?

The vulnerability in the inflate functionality of F5 BIG-IP systems, versions 11.2.1 to 13.1.0.3, can be exploited to cause a denial of service (DoS) attack.

The Impact of CVE-2017-6153

The vulnerability allows attackers to launch a "Zip Bomb" attack, potentially disrupting services and causing system instability.

Technical Details of CVE-2017-6153

F5 BIG-IP systems are affected by a vulnerability that can be exploited for a DoS attack.

Vulnerability Description

The vulnerability lies in the inflate functionality of F5 BIG-IP systems, versions 11.2.1 to 13.1.0.3, allowing for a "Zip Bomb" attack.

Affected Systems and Versions

BIG-IP versions 13.0.0 to 13.1.0.3
BIG-IP versions 12.1.0 to 12.1.3.1
BIG-IP versions 11.6.1 to 11.6.3.1
BIG-IP versions 11.5.1 to 11.5.5
BIG-IP version 11.2.1

Exploitation Mechanism

The vulnerability can be exploited directly, through an iRule, or via the inflate code from the PEM module.

Mitigation and Prevention

Steps to address and prevent the CVE-2017-6153 vulnerability.

Immediate Steps to Take

Apply vendor-provided patches or updates promptly.
Monitor network traffic for any signs of exploitation.
Implement strong access controls and firewall rules.

Long-Term Security Practices

Regularly update and patch F5 BIG-IP systems.
Conduct security assessments and penetration testing.
Educate staff on security best practices and awareness.

Patching and Updates

F5 Networks has released patches to address the vulnerability.
Ensure all affected systems are updated to the latest secure versions.