Bug ID 555507: Under certain conditions, SSO plugin can overrun memory not owned by the plugin.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
11.5.3, 11.6.0, 12.0.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4

Opened: Nov 02, 2015

Severity: 2-Critical

Related Article: K88973987

Symptoms

Under certain conditions, the SSO plugin can overrun memory that it does not own. Symptoms can differ depending on the owner of the overrun memory.

Impact

Symptoms might differ depending on the owner of the overrun memory. Potentially, tmm could restart as a result of this issue.

Conditions

This occurs when the following conditions are met:
1. The BIG-IP system is configured and used as SAML Identity Provider.
2. Single Logout (SLO) protocol is configured on an attached SP connector.
3. At least one user executed SAML WebSSO profile.

Workaround

Disable SAML SLO: remove the SLO request and SLO response URLs from the configuration of the appropriate SAML SP connectors.

Fix Information

The SSO plugin no longer overruns memory not owned by the plugin, so the system supports the following configuration without memory issues:
1. The BIG-IP system is configured and used as a SAML Identity Provider.
2. Single Logout (SLO) protocol is configured on the attached Service Provider (SP) connector.
3. At least one user executed SAML WebSSO profile.
