Forum Discussion

Nimbostratus

Oct 30, 2014

Question regarding iHealth

Hello All, I was involved in an issue with a pair of production LTM's that essentially hit the wall, and hit the wall very hard first thing Monday morning of this week. By the time I was contact...

Cirrocumulus

Oct 30, 2014

Why would you think it was shellshock? Do you allow non-admins to login? Or run CGI's on publicly available web servers direct on the BigIP (i.e. The admin GUI).

Shellshock isn't a virus, or trojan. It's a bug in the bash shell where it interpret various things as code (e.g. ENV vars) and evaluates them... Which can lead to unintended consequences. IF someone has access to the BigIP admin interfaces bash shell, I'm not sure if there's any CGI on the GUI that would be vulnerable. Not seem any indication. But an attacker needs access anyway. And normally you wouldn't allow anyone except trusted admins access to the admin interfaces in the first place...

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)