Forum Discussion

Nimbostratus

Jan 29, 2014

OpenSSH vulnerabilties

while undergoing a security audit several vulnerabilties were deteced in our system (F5 Big IP LTM 3600 11.4.1) It appears that we are running OpenSSH 4.3p2 The vulnerabilities were : ...

Russell_Moore_8

Nimbostratus

Jan 29, 2014

It is unlikely that the scan produced accurate results. As I recall the basic linux packages are from Redhat and Redhat does not increment its version numbers in a way that makes it easy to determine if you are using a version vulnerable or not. They tend to keep a version for stability and backport patches for such things. Your best bet is to get the codes for the vulnerabilities and check them on the F5 support site.

You can limit access to SSH to administrative networks which eliminates concerns over any current or undiscovered vulnerability.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)