LoadMaster Vulnerabilities

This article lists commonly known vulnerabilities and explains, for each one, why the LoadMaster (LM) is not affected.

This article is not a comprehensive list of vulnerabilities going back to the dawn of the LoadMaster, and it is not a best-practice security guide.


| CVE Entry | Affected Libraries | Fixed Version | Comments |
|---|---|---|---|
| CVE-2021-3156 | Sudoedit Linux | N/A | Not vulnerable. sudoedit on Linux. Not applicable to LM. |
| CVE-2021-1732 | Windows NETLOGON | N/A | Not applicable to LM. This is a Windows issue. |
| CVE-2020-15598 | ModSecurity v3 | N/A | LoadMaster is not vulnerable as it runs the ModSecurity v2.9 release line. |
| CVE-2020-8515 | N/A | N/A | Not vulnerable. |
| CVE-2020-1967 | N/A | N/A | Not vulnerable. |
| CVE-2020-10029 | Glibc | N/A | Not vulnerable. |
| CVE-2019-16905 | openssh 7.7,7.9,8.x- | 8.1 | N/A. Not vulnerable. Experimental code which is not built as part of LMOS. |
| CVE-2019-0190 | openssl | 1.1.1 | N/A. Not relevant to LMOS; only relevant to Apache HTTP Server. |
| CVE-2019-1551 | openssl | 1.1.1 | N/A. This is with 512-bit moduli, i.e. a 512 HD random key. The default is for 2K keys, so this is not relevant. |
| | openssl | 1.1.1 | N/A. sslproxy forks first and then starts openssl, so this is not applicable. |
| CVE-2019-1563 | openssl | 1.1.1 | N/A. The LM does not use PKCS7 or CMS, and it always uses a certificate. |
| CVE-2019-1547 | openssl | 1.1.1 | N/A. The LM only uses the libssl interface, which is indicated to be not vulnerable. |




