Forum Discussion

Kalpesh_48932's avatar
Kalpesh_48932
Icon for Nimbostratus rankNimbostratus
Jul 18, 2012

SSH vulnerability hptfix installation

Hi Friends,

 

 

I am planning to install hotfix on our F5 to make IOS not vulnerable.

 

 

my current IOS version is as below.

 

 

[admin@STG1F5LDB01:Active] ~ tmsh show sys license

 

 

Sys::License

 

Licensed Version 10.2.0

 

Registration key KAFBG-NZWGV-BJYLE-GUZLY-ULRZALO

 

Licensed On 2011/11/04

 

Service Check Date 2011/11/04

 

Platform ID D63a

 

Appliance Serial Number bip221875s

 

 

Active Modules

 

ADD 100 MBPS COMPRESSION (BYQPEOS-AGQNRNY)

 

BIG-IP LTM 6400 (JBJGWHS-TCPSBKO)

 

Local Traffic Manager Module

 

ADD 5 MBPS COMPRESSION

 

ADD SSL 100

 

 

I am following procedure and files as described in following link.

 

 

http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html

 

 

I need your support to understand if I am referring correct link and contents to do so.

 

 

Also i need to understand rollback process if this installation fails.

 

 

Thanks in Advance

 

config
design
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jul 18, 2012
    Kalpesh

    Doesn't look like the 6400 is vulnerable according to the f5 post. 

    The following platforms are affected by this issue:

    VIPRION B2100, B4100, and B4200
    BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050
    BIG-IP Virtual Edition
    Enterprise Manager 3000 and 4000

    Also, another option would be to install a non-vulnerable release of big-ip. Looks like 10.2.4 is the one to go for. You will have a rollback option here as you can upgrade a spare volume / partition.

    Hope this helps,

    N