Last Modified: Apr 12, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
16.1.5, 16.1.5.1, 16.1.5.2, 17.1.2, 17.1.2.1, 17.5.0
Opened: Mar 24, 2025 Severity: 3-Major
If an interactive user session is interrupted while a tmsh process is executing another command (e.g. bash), under particular circumstances the child process may continue executing. This occurs if the bash process is itself executing a long-running command (e.g. 'watch' or 'tcpdump' or similar), and then the SSH connection is interrupted.
Processes remain executing even after they should have been terminated because the user session disconnected. If the long-running command the bash process is executing tries to invoke tmsh, the LTM log file may contain repeated logs similar to the following: Mar 25 12:10:00 hostname notice tmsh[22420]: 01420003:5: Cannot load user credentials for user "username" Mar 25 12:10:00 hostname notice tmsh[22420]: 01420003:5: The current session has been terminated.
-- An interactive tmsh process runs another program (e.g. bash) -- That bash process is executing another command that will not generally exit on its own without user intervention (e.g. 'watch' or 'tcpdump') -- The user session is interrupted
Avoid unclean shutdown/interruption of user sessions if possible. Otherwise, identify the long-running processes that are still running, and then kill them.
None