F5 BIG-IP SSH private key

Source: SAINT Corporation (download.saintcorporation.com)
ID: SAINT:F086B6C2C1E6333C4C5EC658FF987725
Published: Jul 03, 2012

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:C/I:N/A:N)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: NONE
  • Availability Impact: NONE

EPSS: 0.233 Low (Percentile: 96.1%)

Added: 07/03/2012
CVE: CVE-2012-1493
BID: 53897
OSVDB: 82780

Background

SSH private keys are used for authentication on many F5 BIG-IP devices. Devices shipped with a default, static key are vulnerable to compromise if the key becomes publicly known. An attacker can reuse the private key to gain remote, privileged access to the device.

Problem

Vulnerable BIG-IP installations allow unauthenticated users to bypass authentication and log in as the ‘root’ user on the following devices:

  • VIPRION B2100, B4100, and B4200
  • BIG-IP 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050
  • BIG-IP Virtual Edition
  • Enterprise Manager 3000 and 4000

Resolution

The vendor has indicated these versions are patched:

  • 9.4.8-HF5 and later
  • 10.2.4 and later
  • 11.0.0-HF2 and later
  • 11.1.0-HF3 and later

Note: Systems that are licensed to run in Appliance mode on BIG-IP version 10.2.1-HF3 or later are not susceptible to this vulnerability. For more information about Appliance mode, refer to SOL12815: Overview of Appliance mode.
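
For triaging an inventory against the fixed versions listed above, the following is an added example, not code from SAINT or F5. It assumes version strings in the advisory's own notation (such as 10.2.1-HF3), reads each "and later" entry as applying within its own release branch, and uses constructed hostnames; it does not check whether a device is one of the affected models.

```python
import re

# Minimum fixed build per release branch, from the Resolution list above.
# Assumption: each "and later" entry applies within its own branch, and the
# last entry (11.1.0-HF3) also covers every newer branch.
FIXED = [
    ((9,), (9, 4, 8, 5)),       # 9.4.8-HF5
    ((10,), (10, 2, 4, 0)),     # 10.2.4
    ((11, 0), (11, 0, 0, 2)),   # 11.0.0-HF2
    ((11, 1), (11, 1, 0, 3)),   # 11.1.0-HF3
]
APPLIANCE_MIN = (10, 2, 1, 3)   # Appliance mode note: 10.2.1-HF3 or later

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-HF(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '10.2.1-HF3' into (10, 2, 1, 3); a build without a hotfix is HF0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def assess(version, appliance_mode=False):
    """Classify one device against the advisory's fixed versions."""
    v = parse_version(version)
    if appliance_mode and v >= APPLIANCE_MIN:
        return "not susceptible (Appliance mode)"
    if v >= FIXED[-1][1]:
        return "patched"
    for branch, minimum in FIXED:
        if v[:len(branch)] == branch:
            return "patched" if v >= minimum else "unpatched"
    return "unknown"  # branch not mentioned in the advisory


# Constructed inventory: (hostname, version, licensed for Appliance mode).
INVENTORY = [
    ("lb-edge-01", "10.2.3", False),
    ("lb-edge-02", "10.2.1-HF3", True),
    ("lb-core-01", "11.0.0-HF2", False),
    ("lb-core-02", "11.1.0-HF1", False),
]

if __name__ == "__main__":
    for host, version, appliance in INVENTORY:
        print(f"{host:12} {version:12} {assess(version, appliance)}")
```

Devices reported as "unpatched" or "unknown" are the ones to review first for an update and for restricting SSH access to management networks.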

References

<http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12815.html>

Limitations

The target must be running the ssh service in order for the exploit to succeed.

The OpenSSH client must be installed on the SAINTexploit host.

Platforms

Linux
Unix
