Feb 04, 2011

OpenSSH Version upgrade on BIGIP LTM

We had external auditors come in and they alarmed us about an OpenSSH X11 Forward Session Hijacking vulnerability that was present on our production LTMs. This issue is documented here: What I did was upgrade to the latest BIGIP software version and it still has an older version of OpenSSH: version OpenSSH_4.3p2 which still looks to be vulnerable to this exploit. Is there a way to just upgrade OpenSSH independently so we can install the OpenSSH v5.0 or above to resolve this?





    Upgrading the packages on LTM is only supported as part of an OS upgrade. F5 generally issues updates for security fixes affecting the platform fairly quickly. In this case, it was determined that LTM is not vulnerable to this exploit. X11 forwarding isn't enabled by default in F5's sshd_config.



    SOL9107: OpenSSH vulnerability CVE-2008-1483
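
One way to confirm on a given unit that X11 forwarding is off, as the reply above states, is to read the sshd_config directly. This is an added example, not F5's code or part of the original thread; the function name is hypothetical and the config path is passed in by the caller.

```shell
#!/bin/sh
# Report whether X11Forwarding is effectively enabled in an sshd_config file.
# sshd keeps the first value it reads for a keyword and defaults
# X11Forwarding to "no" when the keyword is absent.

x11_forwarding_state() {
    # $1 = path to the sshd_config to audit (supplied by the caller)
    # prints: global=<yes|no> match_override=<yes|no>
    awk '
        BEGIN { state = ""; in_match = 0; override = "no" }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # drop leading whitespace
            if (line == "" || line ~ /^#/) next   # blank line or comment
            sub(/[ \t]*=[ \t]*/, " ", line)       # accept Keyword=value
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                   # keywords are case-insensitive
            val = tolower(f[2]); gsub(/"/, "", val)
            # Everything after a Match line is conditional until EOF
            # or the next Match line.
            if (key == "match") { in_match = 1; next }
            if (key != "x11forwarding") next
            if (in_match) { if (val == "yes") override = "yes"; next }
            # First global occurrence wins; later ones are ignored.
            if (state == "") state = (val == "yes") ? "yes" : "no"
        }
        END {
            if (state == "") state = "no"         # OpenSSH default
            print "global=" state " match_override=" override
        }
    ' "$1"
}

# Constructed sample config (not taken from a BIG-IP system).
sample=$(mktemp)
printf '%s\n' 'Protocol 2' '#X11Forwarding yes' \
    'Match User audit' '  X11Forwarding yes' > "$sample"
x11_forwarding_state "$sample"
rm -f "$sample"
```

A result of `global=no match_override=no` is the condition the reply relies on; either field reading `yes` means the forwarding code path is reachable and the finding needs another look.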