Early today on 2017-02-09, a new vulnerability based on CVE-2016-9244 was announced by f5 affecting the companys Big-IP appliances [1]. According to f5:
A BIG-IP SSL virtual server with the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory.
This new vulnerability has a website (https://ticketbleed.com/) and a logo. border-width:2px” />
Shown above: A creative logo for yet another vulnerability.
Ticketbleed.com (currently redirects to filippo.io/Ticketbleed) has interesting details about the discovery and timeline. It also has a link for a complete technical walkthrough on the vulnerability.
At this point, organizations using f5 products will spin up their security teams to determine if they are impacted. As I write this, Its shortly after midnight in the US Central Time Zone. Later as the business day begins, leadership in many organizations will be asking about Ticketbleed. Some will hear echoes of 2014s Heartbleed vulnerability in this. As I just heard from a fellow security professional, There goes my tomorrow.
—
Brad Duncan
brad [at] malware-traffic-analysis.net
References:
[1] https://support.f5.com/csp/article/K05121675
[2] https://www.theregister.co.uk/2017/02/09/f5s_bigip_leaks_lots_of_little_chunks_of_memory/
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.