Bug ID 1002109: Xen binaries do not follow security best practices

Last Modified: Feb 15, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
16.1.0, 15.1.4, 14.1.4.4, 13.1.5

Opened: Mar 13, 2021
Severity: 1-Blocking

Symptoms

The following xen* binaries have multiple violations of security best practices. usr/bin/xenstore /usr/bin/xenstore-exists /usr/bin/xenstore-ls /usr/bin/xenstore-read /usr/bin/xenstore-rm /usr/bin/xenstore-watch /usr/bin/xenstore-chmod /usr/bin/xenstore-list /usr/bin/xenstore-write

Impact

The issue lead to violation of security best practices.

Conditions

The violations can be seen on BIG-IP by running following script. https://github.com/slimm609/checksec.sh

Workaround

None

Fix Information

Fixed an issue with certain xen* binaries.

Behavior Change