SSH private key gives attackers access to BIG-IP appliances
After networking equipment specialist F5 Networks warned of a vulnerability in numerous network appliances on Tuesday, further details have now emerged about the flaw, which allowed attackers to log in to devices with root privileges. F5 said that the situation was caused by a configuration error, but Florent Daigniere from Matta Consulting has identified an SSH private key as the cause.
In his advisory, Daigniere writes that the private key is present on all affected devices and has been disclosed publicly on sites such as Pastebin. According to the advisory, Daigniere discovered the vulnerability in mid-February, but F5 was not able to provide appropriate patches until late May.
The company has released firmware updates to fix the problem. Those who are unable to upgrade should apply the workaround described in the advisory. Administrators can check their systems to see if an attacker has exploited the hole by looking for unexpected root login messages under
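
One way to run the log check described above, as an added example that is not from F5 or from the Matta advisory. It assumes the device records SSH logins in the standard OpenSSH sshd syslog format; the sample lines, the host name `bigip1` and the management network are constructed.

```python
import ipaddress
import re

# OpenSSH sshd success line, e.g.
# "sshd[4121]: Accepted publickey for root from 198.51.100.23 port 51514 ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# Assumption: networks from which administrators legitimately manage the device.
MGMT_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample log lines (documentation address ranges), not real data.
SAMPLE_LOG = """\
Jun  6 02:11:09 bigip1 sshd[4121]: Accepted publickey for root from 198.51.100.23 port 51514 ssh2
Jun  6 08:30:41 bigip1 sshd[4377]: Accepted password for root from 10.20.0.15 port 40022 ssh2
Jun  6 08:45:02 bigip1 sshd[4390]: Failed password for root from 203.0.113.9 port 33100 ssh2
Jun  6 09:02:17 bigip1 sshd[4402]: Accepted publickey for admin from 10.20.0.15 port 40188 ssh2
Jun  6 09:15:55 bigip1 sshd[4410]: Accepted publickey for root from 10.20.0.15 port 40311 ssh2
"""

def unexpected_root_logins(log_text, mgmt_networks=MGMT_NETWORKS):
    """Return (line, reason) pairs for successful root logins worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m.group("user") != "root":
            continue  # failed attempts and non-root users are out of scope here
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            findings.append((line, "unparseable source address"))
            continue
        if not any(src in net for net in mgmt_networks):
            findings.append((line, "root login from outside management networks"))
        elif m.group("method") == "publickey":
            # A shared private key works from any host, including an internal one.
            findings.append((line, "root public-key login, confirm with the administrator"))
    return findings

if __name__ == "__main__":
    for line, reason in unexpected_root_logins(SAMPLE_LOG):
        print(f"{reason}: {line}")
```
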