Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP GTM
Known Affected Versions:
11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4
Opened: Jan 11, 2019 Severity: 4-Minor
After running the big_ip add script without a specifying a server address, the host address posted in the ssh password prompt is an IPv4-mapped IPv6 address for IPv4 servers. For example: Enter root password for 0000:0000:0000:0000:0000:FFFF:0A3C:010A
There is no way to tell what the actual server name is without converting the IPv4-mapped IPv6 addresses back to an IPv4 to find which password to enter, for example: 0A3C:010A to 10.60.1.10
Run bigip_add without a server address, when the host address is an IPv4-mapped IPv6 address.
To workaround this, edit the bigip_add script. IMPORTANT: Make sure to back up the bigip_add script before making modifications. 1. Make /usr folder writable # mount -o rw,remount /usr 2. Backup bigip_add: # cp /usr/local/bin/bigip_add /shared/tmp/bigip_add.backup 3. Edit bigip_add by adding different 'print' output for IPv4 servers. Replace this: < print "Enter $ruser password for $ip if prompted\n"; With something similar to this: > if ($ip =~ /0000:0000:0000:0000:0000:FFFF:/) { > my $display_ipv4 = ipv6_to_ipv4($ip); > print "Enter $ruser password for $display_ipv4 if prompted\n"; > } else { > print "Enter $ruser password for $ip if prompted\n"; > } NOTE: Do not modify the actual value for $ip. Below is an example diff: # diff /shared/tmp/bigip_add.backup /usr/local/bin/bigip_add 18a19 > 43a45,51 > sub ipv6_to_ipv4 > { > my $in_addr = $_[0]; > my @ipv6 = split /:/, $in_addr; > > my $ipv6_part1 = hex ($ipv6[6]); > my $ipv6_part2 = hex($ipv6[7]); 44a53,60 > my $ipv4_1=scalar($ipv6_part1>>8); > my $ipv4_2=scalar($ipv6_part1&0xff); > my $ipv4_3=scalar($ipv6_part2>>8); > my $ipv4_4=scalar($ipv6_part2&0xff); > > my $ipv4 = "${ipv4_1}.${ipv4_2}.${ipv4_3}.${ipv4_4}"; > return $ipv4; > } 75d90 < 152c167,173 < print "Enter $ruser password for $ip if prompted\n"; --- > > if ($ip =~ /0000:0000:0000:0000:0000:FFFF:/) { > my $display_ipv4 = ipv6_to_ipv4($ip); > print "Enter $ruser password for $display_ipv4 if prompted\n"; > } else { > print "Enter $ruser password for $ip if prompted\n"; > } 179d199 <
None