Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6
Fixed In:
13.0.0, 12.1.3.7
Opened: Jul 08, 2016 Severity: 2-Critical
The dynamic white/black daemon (dwbld) (a Control Plane daemon that supports the AFM IP intelligence feature) generates a core when processing an Auto Blacklisting Entry addition by TMM, when attack traffic causes a blacklist entry to be added. The problem happens in a rare scenario when dwbld and tmm are out of sync with respect to category names. This might happen for a very short window when configuration changes are made to Blacklist Categories (such as adding or removing a category).
dwbld crashes and restarts. No significant impact, as after restart, the dwbld should work properly.
-- DoS Auto Blacklisting feature enabled. -- Attack traffic generates an Auto Blacklist IP address entry. -- Configuration change to Blacklist Category occurs at the same time.
None.
The release adds handling for the case in which dwbld is not up-to-date with configuration changes to Blacklist Categories when it simultaneously receives an Auto Blacklist Entry.