Description
F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
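The class of flaw described above comes down to comparing the text of a host rather than the address it denotes. The following is an added example, not FirePass code and not from the advisory: it parses the integer, hex, octal and shortened IPv4 spellings into one canonical address before applying a deny rule. The function names, the `naive_is_denied` check and the 192.0.2.10 policy entry are assumptions constructed for illustration.

```python
import ipaddress
import re

# One inet_aton-style component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")

def parse_ipv4_literal(host):
    """Return IPv4Address for any inet_aton-style literal, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not _PART.fullmatch(p):
            return None
        if p[:2].lower() == "0x":
            nums.append(int(p, 16))
        elif len(p) > 1 and p[0] == "0":
            nums.append(int(p, 8))
        else:
            nums.append(int(p, 10))
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)

# Constructed policy: 192.0.2.10 stands in for a restricted console address.
DENIED_NETS = [ipaddress.ip_network("192.0.2.10/32")]

def naive_is_denied(host):
    """Hypothetical flawed check: compares the raw string only."""
    return host == "192.0.2.10"

def is_denied(host):
    """Check the canonical address, so every spelling of it matches."""
    addr = parse_ipv4_literal(host)
    if addr is None:
        # Not an IP literal: a real gateway must resolve the name and
        # check each resulting address; treated as out of scope here.
        return False
    return any(addr in net for net in DENIED_NETS)
```
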
Affected products
- F5 / firepass5.4 – 5.4
- F5 / firepass5.4.1 – 5.4.1
- F5 / firepass5.4.2 – 5.4.2
- F5 / firepass5.4.3 – 5.4.3
- F5 / firepass5.4.4 – 5.4.4
- F5 / firepass5.4.5 – 5.4.5
- F5 / firepass5.4.6 – 5.4.6
- F5 / firepass5.4.7 – 5.4.7
- F5 / firepass5.4.8 – 5.4.8
- F5 / firepass5.4.9 – 5.4.9
- F5 / firepass5.5 – 5.5
- F5 / firepass5.5.1 – 5.5.1
- F5 / firepass5.5.2 – 5.5.2
- F5 / firepass6.0 – 6.0
References
- VENDOR_ADVISORY: http://www.mnin.org/advisories/2007_firepass.pdf
- MISC: https://tech.f5.com/home/solutions/sol6922.html
- VENDOR_ADVISORY: http://secunia.com/advisories/23640
- MISC: http://www.osvdb.org/32734
- MAILING_LIST: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
- MISC: http://www.securityfocus.com/bid/21957