F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Dan_24306's avatar
Dan_24306
Icon for Nimbostratus rankNimbostratus
Oct 30, 2014

Question regarding iHealth

Hello All,   I was involved in an issue with a pair of production LTM's that essentially hit the wall, and hit the wall very hard first thing Monday morning of this week. By the time I was contact...
application delivery
ihealth
LTM
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Oct 30, 2014

Why would you think it was shellshock? Do you allow non-admins to login? Or run CGI's on publicly available web servers direct on the BigIP (i.e. The admin GUI).

 

Shellshock isn't a virus, or trojan. It's a bug in the bash shell where it interpret various things as code (e.g. ENV vars) and evaluates them... Which can lead to unintended consequences. IF someone has access to the BigIP admin interfaces bash shell, I'm not sure if there's any CGI on the GUI that would be vulnerable. Not seem any indication. But an attacker needs access anyway. And normally you wouldn't allow anyone except trusted admins access to the admin interfaces in the first place...

 

H