F5 ssh configuration goof

Published: 2012-06-12. Last Updated: 2012-06-12 11:34:08 UTC
by Swa Frantzen (Version: 1)
1 comment(s)

A reader pointed us to F5's SOL 13600, a vulnerability notice by now almost a week old. It details fixes and workarounds for a configuration mistake where unauthorized root access is possible via ssh over port 22. It doesn't exactly spell out their mistake. 

Now any unix administrator will start to wonder: why configure ssh to even allow root access at all ? And moreover you'd still need the appropriate credentials of root.

It turns out that unpatched F5 systems not only allow root to connect over the network, but that they authorize a public RSA key for root and that they also left the corresponding supposedly private key on all of their systems. 

If you have an F5 box and have not installed this update or worked around it properly, better do it now: every F5 customer has the keys to yours. And it takes only one to leak the key for all those who'd like to harm you to have it too.

CVE-2012-1493

--
Swa Frantzen -- Section 66

Keywords: f5 ssh
1 comment(s)

Comments

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb

Diary Archives