F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

luyenntk50db_14's avatar
luyenntk50db_14
Icon for Nimbostratus rankNimbostratus
Oct 24, 2014

F5 shellshock with Bash shell.

I check in my F5 with command: env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' and I receive result: vulnerable this is a test Thus, my system is vulnerable.   I read links: https:...
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Oct 24, 2014

luyenntk50db,

 

The iRule is for backend servers that might be vulnerable that are fronted by a big-ip device. The big-ip, via an irule, can prevent the attack vector from reaching the backend servers. This gives you time to patch them.

 

Sol15629 details the big-ip TMOS versions that are vulnerable, namely the management web gui. If you haven't patched to the non-vulnerable release then you will be vulnerable. Of course bear in mind that, as of a couple of weeks ago, the only exploit was an authenticated one, i.e. an attacked would need admin/root access to the big-ip. Further recommendation is to keep the management network on a private, secure network and if there any any self IPs which are externally accessible then disable 443 access.

 

Hope this helps,

 

N