For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Matt_06_141259's avatar
Matt_06_141259
Icon for Nimbostratus rankNimbostratus
Jan 29, 2014

OpenSSH vulnerabilties

while undergoing a security audit several vulnerabilties were deteced in our system (F5 Big IP LTM 3600 11.4.1)   It appears that we are running OpenSSH 4.3p2   The vulnerabilities were :   ...
Russell_Moore_8's avatar
Russell_Moore_8
Icon for Nimbostratus rankNimbostratus
Jan 29, 2014

It is unlikely that the scan produced accurate results. As I recall the basic linux packages are from Redhat and Redhat does not increment its version numbers in a way that makes it easy to determine if you are using a version vulnerable or not. They tend to keep a version for stability and backport patches for such things. Your best bet is to get the codes for the vulnerabilities and check them on the F5 support site.

 

You can limit access to SSH to administrative networks which eliminates concerns over any current or undiscovered vulnerability.