Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: F5 ssh configuration goof - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
F5 ssh configuration goof

A reader pointed us to F5's SOL 13600, a vulnerability notice by now almost a week old. It details fixes and workarounds for a configuration mistake where unauthorized root access is possible via ssh over port 22. It doesn't exactly spell out their mistake. 

Now any unix administrator will start to wonder: why configure ssh to even allow root access at all ? And moreover you'd still need the appropriate credentials of root.

It turns out that unpatched F5 systems not only allow root to connect over the network, but that they authorize a public RSA key for root and that they also left the corresponding supposedly private key on all of their systems. 

If you have an F5 box and have not installed this update or worked around it properly, better do it now: every F5 customer has the keys to yours. And it takes only one to leak the key for all those who'd like to harm you to have it too.

CVE-2012-1493

--
Swa Frantzen -- Section 66

Swa

760 Posts
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb
Anonymous

Sign Up for Free or Log In to start participating in the conversation!