SOL17448 - OpenSSH vulnerability CVE-2001-1473

Recommended Action

If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in theVersions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.

F5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.

To avoid this vulnerability, you should not use SSH protocol version 1 when establishing an SSH connecting to the SSHD service on the BIG-IP, Enterprise Manager, or BIG-IQ system.

For the SSHD service on the BIG-IP, Enterprise Manager, or BIG-IQ system, the SSHD configuration uses SSH protocol 2 by default. To avoid this vulnerability, do not modify it to use SSH protocol version 1.

To verify the current SSH protocol enabled on your BIG-IP, Enterprise Manager, or BIG-IQ system, type the following command:

grep ^Protocol /config/ssh/sshd_config

Command output for the system using only SSH protocol 2 appears similar to the following example:

Protocol 2

Supplemental Information

• SOL9970: Subscribing to email notifications regarding F5 products
• SOL9957: Creating a custom RSS feed to view new and updated documents
• SOL4602: Overview of the F5 security vulnerability response policy
• SOL4918: Overview of the F5 critical issue hotfix policy
• SOL167: Downloading software and firmware from F5