Last Modified: Sep 13, 2023
Known Affected Versions:
12.1.3, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206
Opened: Jul 08, 2016 Severity: 2-Critical
The dynamic white/black daemon (dwbld) (a Control Plane daemon that supports the AFM IP intelligence feature) generates a core when processing an Auto Blacklisting Entry addition by TMM, when attack traffic causes a blacklist entry to be added. The problem happens in a rare scenario when dwbld and tmm are out of sync with respect to category names. This might happen for a very short window when configuration changes are made to Blacklist Categories (such as adding or removing a category).
dwbld crashes and restarts. No significant impact, as after restart, the dwbld should work properly.
-- DoS Auto Blacklisting feature enabled. -- Attack traffic generates an Auto Blacklist IP address entry. -- Configuration change to Blacklist Category occurs at the same time.
The release adds handling for the case in which dwbld is not up-to-date with configuration changes to Blacklist Categories when it simultaneously receives an Auto Blacklist Entry.