Last Modified: Dec 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1
Fixed In:
17.1.1, 15.1.10
Opened: Oct 01, 2020 Severity: 3-Major
LDAP/AD Remote authentication fails and the authenticating service may crash. The failure might be intermittent.
Logging in via the GUI will fail silently Logging in via ssh will cause the sshd service on LTM to crash and logs will be seen under /var/log/kern.log The logs will be similar to : info kernel: : [460810.000004] sshd[31600]: segfault at 0 ip 00002b3abcb2ef3e sp 00007fffef3431a0 error 4 in pam_ldap.so[2b3abcb2c000+7000] info kernel: : [460810.002036] traps: sshd[31598] general protection ip:fffffffffffffff3 sp:80000 error:0
LDAP/AD server SearchResEntry includes attribute with empty or NULL value. This can be seen in tcpdump of the LDAP communication in following ways 1. No Value for attribute . Example in tcpdump taken on affected user : vals: 1 item AttributeValue: 2. 1. NULL Value for attribute . Example in tcpdump taken on affected user : vals: 1 item AttributeValue: 00
There is no Workaround on the LTM side. For LDAP, you change/add the value from none/NULL on the affected attribute to ANY dummy value which will prevent the issue
None