OpenSSH Version upgrade on BIGIP LTM

Question

We had an external auditors come in and they alarmed us about a OpenSSH X11 Forward Session Hijacking vulerability that was present on our production LTM's. This issue is documented here: http://www.nessus.org/plugins/index...e&amp;id=31737 What I did was upgrade to the latest BIGIP software version 10.2.1.297 and it still has an older version of OpenSSH: version OpenSSH_4.3p2 which still looks to be vulnerable to this exploit. Is there a way to just upgrade OpenSSH independantly so we can install the OpenSSH v5.0 or above to resolve this?
&nbsp;Thanks,
&nbsp;Greg

hooleylist · Answer

Hi, 
&nbsp;  
&nbsp; Upgrading the packages on LTM is only supported as part of an OS upgrade.  F5 generally issues updates for security fixes affecting the platform fairly quickly.  In this case, it was determined that LTM is not vulnerable to this exploit.  X11 forwarding isn't enabled by default in F5's sshd_config. 
&nbsp;  
&nbsp; SOL9107: OpenSSH vulnerability CVE-2008-1483 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9107.html 
&nbsp;  
&nbsp; Aaron 
&nbsp; Aaron

Forum Discussion

OpenSSH Version upgrade on BIGIP LTM

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5OS Tenants TMOS version upgrade

upgrade directly from os version 14.1. to 17.1.0

Software Upgrade

Upgrade to 15.1.10

Re: Ransomware, OpenSSH, AI and Trust, Google Geofence Dec 10-17, 2023 - F5 SIRT - This Week in Secu