back to article F5 hurriedly squashes BIG-IP remote code execution bug

F5 has issued a fix for a remote code execution (RCE) bug in its BIG-IP suite carrying a near-maximum severity score. Researchers at Praetorian first discovered the authentication bypass flaw in BIG-IP's configuration utility and published their findings this week of what is the third major RCE bug to impact BIG-IP since 2020 …

  1. Anonymous Coward
    Boffin

    A bug in the web interface

    A bug in the web interface. Never put web-anything on your authentication systems.

    --

    usage()

    {

    echo "Usage: $0 [-h]|[-u][-r]"

    echo "This utility mitigates ID1378329 and restarts the apache and tomcat daemons."

    echo " : -h Display this help message"

    echo " : -u Undo the ID1378329 mitigation"

    exit 255

    }

  2. Anonymous Coward
    Anonymous Coward

    Can we stop calling these incidents "bugs"

    These are blunders, pure and simple

    Some blundering fool did something they probably shouldnt have, or the blundering fool literally had zero clue what it was they were doing. It's quite possible that there are multiple blundering fools in this story.

    Imagine if I was a house builder, and 2 weeks after people moved in to a house I built, it collapses.

    Can I just claim it was a bug? and not my fault?

  3. Roland6 Silver badge

    “ the lack of bug bounty opportunities at F5”

    >“One of these, a cache poisoning issue, was allegedly found by an independent security researcher who was aggrieved about the lack of bug bounty opportunities at F5, so they decided to disclose it themselves”

    There is a lesson here…

    Given the status of Big-IP and the market it is in, you would have thought F5 would have had a bounty program, with generous rewards, up and running for well over a decade now.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like