Feeds

Exploit posted for vulnerable F5 kit

Metasploit code on Github gives remote access to BigIP

5 things you didn’t know about cloud backup

A vulnerability in F5 kit first announced in February may be in the wild, with code posted to Github purporting to be an exploit.

The original advisory stated that vulnerable installations of F5’s BigIP and other systems allowed an attacker to log in as root, because the vulnerability exposed the device’s SSH private key. F5 responded earlier this month.

Since it’s only seven days since F5 issued its advisory – and the patch – it’s likely that unpatched systems still exist.

F5 describes the issue as “A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.”

Today, exploit code has been posted to Github. That code purports to gain remote access to some of the affected F5 systems – its BigIP devices.

The vulnerability can be addressed either by users upgrading to a non-vulnerable version, or reconfiguring SSH access (instructions are provided at the F5 link).

The Register has sought comment from F5. ®

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?