F5 BIG-IP SSH Configuration Error Lets Remote Users Gain Root Access
|
|
SecurityTracker Alert ID: 1027137 |
|
SecurityTracker URL: http://securitytracker.com/id/1027137
|
|
CVE Reference:
CVE-2012-1493
(Links to External Site)
|
Date: Jun 8 2012
|
Impact:
Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Models 520, 540, 1000, 2000, 2400, 5000, 5100, 1600, 3600, 3900, 6900, 8900, 8950, 11000, and 11050
|
Description:
A vulnerability was reported in F5 BIG-IP. A remote user can gain root access.
A remote user can exploit an SSH configuration flaw to gain root access on the target device.
The vendor has assigned ID 379600 to this vulnerability.
The following other F5 products are also affected:
- VIPRION B2100, B4100, and B4200
- BIG-IP Virtual Edition
- Enterprise Manager 3000 and 4000
Florent Daignier of Matta Consulting reported this vulnerability.
|
Impact:
A remote user can gain root access.
|
Solution:
The vendor has issued a fix.
The vendor's advisory is available at:
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
|
Vendor URL: support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html (Links to External Site)
|
Cause:
Configuration error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 08 Jun 2012 16:47:15 +0000
Subject: F5 BIG-IP
|
http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
sol13600: SSH vulnerability CVE-2012-1493
|
|
