OpenSSH Version upgrade on BIGIP LTM

Question

We had an external auditors come in and they alarmed us about a OpenSSH X11 Forward Session Hijacking vulerability that was present on our production LTM's. This issue is documented here: http://www.nessus.org/plugins/index...e&amp;id=31737 What I did was upgrade to the latest BIGIP software version 10.2.1.297 and it still has an older version of OpenSSH: version OpenSSH_4.3p2 which still looks to be vulnerable to this exploit. Is there a way to just upgrade OpenSSH independantly so we can install the OpenSSH v5.0 or above to resolve this?
&nbsp;Thanks,
&nbsp;Greg

hoolio · Answer

Hi, 
&nbsp;  
&nbsp; Upgrading the packages on LTM is only supported as part of an OS upgrade.  F5 generally issues updates for security fixes affecting the platform fairly quickly.  In this case, it was determined that LTM is not vulnerable to this exploit.  X11 forwarding isn't enabled by default in F5's sshd_config. 
&nbsp;  
&nbsp; SOL9107: OpenSSH vulnerability CVE-2008-1483 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9107.html 
&nbsp;  
&nbsp; Aaron 
&nbsp; Aaron

Forum Discussion

OpenSSH Version upgrade on BIGIP LTM

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

OpenSSH vulnerability

U.S. Government cuts, Majorana 1 Chip, CVEs for Mongoose and OpenSSH

Upgrade to version 17.x.x ?

Viprion version upgrade

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS