Broadcom OpenSSL Security Advisory 20150319 Vulnerability Assessment for Brocade User guide
- Type
- User guide
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 1
Component: OpenSSL
CVSS: 5.0
CVE-2015-0207 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0207
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate
the state information of independent data streams, which allows remote attackers to cause a
denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic
to a DTLS 1.2 server.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not impacted
Brocade 5600 vRouter
Not impacted
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not Impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller s/w installs should
consult their OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 2
Component: OpenSSL
CVSS: 4.3
CVE-2015-0208 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0208
The ASN.1 signature-verification implementation in the rsa_item_verify function in
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via crafted RSA PSS
parameters to an endpoint that uses the certificate-verification feature.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not impacted
Brocade 5600 vRouter
Not impacted
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller s/w installs should
consult their OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not Impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 3
Component: OpenSSL
CVSS: 6.8
CVE-2015-0209 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL
before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow
remote attackers to cause a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is
improperly handled during import.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R2.
Brocade Fabric OS
Impacted - Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Impacted - Fixed in 5.9.0a and 6.0.0.
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore
as End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp Traffic
Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director (formerly
SteelApp Services Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade SteelApp
Application Firewall (SAF))
Not impacted
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 4
Component: OpenSSL
CVSS: 4.3
CVE-2015-0285 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0285
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that
the PRNG is seeded before proceeding with a handshake, which makes it easier for remote
attackers to defeat cryptographic protection mechanisms by sniffing the network and then
conducting a brute-force attack.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not Impacted
Brocade 5600 vRouter
Not Impacted
Brocade Fabric OS
Not Impacted
Brocade Network OS
Not Impacted
Brocade NetIron OS
Not Impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller s/w installs should
consult their OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not Impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 5
Component: OpenSSL
CVSS: 5.0
CVE-2015-0286 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0286
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0
before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-
type comparisons, which allows remote attackers to cause a denial of service (invalid read
operation and application crash) via a crafted X.509 certificate to an endpoint that uses the
certificate-verification feature.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R2.
Brocade Fabric OS
Impacted - Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Impacted - Fixed in 5.9.00a and 6.0.0.
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore
as End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp Traffic
Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted - Upgrade to 4.9-35461.
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 6
Component: OpenSSL
CVSS: 5.0
CVE-2015-0287 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0287
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0
before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and
ADB data structures, which might allow attackers to cause a denial of service (invalid write
operation and memory corruption) by leveraging an application that relies on ASN.1 structure
reuse.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R3.
Brocade Fabric OS
Impacted - Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Impacted - Fixed in 5.9.00a and 6.0.0.
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore
as End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted – Upgrade to 4.9-35461.
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 7
Component: OpenSSL
CVSS: 5.0
CVE-2015-0288 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0288
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf,
1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause
a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R2.
Brocade Fabric OS
Impacted – Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore
as End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted - Upgrade to 4.9-35461.
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 8
Component: OpenSSL
CVSS: 5.0
CVE-2015-0289 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0289
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before
1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which
allows attackers to cause a denial of service (NULL pointer dereference and application crash) by
leveraging an application that processes arbitrary PKCS#7 data and providing malformed data
with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R2.
Brocade Fabric OS
Impacted - Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Impacted - Fixed in 5.9.0a and 6.0.0.
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore
as End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted - Upgrade to 4.9-35461.
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 9
Component: OpenSSL
CVSS: 5.0
CVE-2015-0290 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0290
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before
1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-
blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption
and application crash) via unspecified vectors.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not impacted
Brocade 5600 vRouter
Not impacted
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller s/w installs should
consult their OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 10
Component: OpenSSL
CVSS: 5.0
CVE-2015-0291 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0291
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to
cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid
signature_algorithms extension in the ClientHello message during a renegotiation.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not impacted
Brocade 5600 vRouter
Not impacted
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Upgrade to a newer version of the Services
Controller. Users of Services Controller s/w installs should
consult their OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 11
Component: OpenSSL
CVSS: 7.5
CVE-2015-0292 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0292
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-
decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have
unspecified other impact via crafted base64 data that triggers a buffer overflow.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R7.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R3.
Brocade Fabric OS
Impacted - Fixed in FOS 8.0.1/7.4.1d.
Brocade Network OS
Impacted - Fixed in 6.0.2.
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Brocade will no longer provide security updates for JetCore as
End of Life (EoL) was May 30, 2016.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted - Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted - Upgrade to 4.9-35461.
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 12
Component: OpenSSL
CVSS: 5.0
CVE-2015-0293 - https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0293
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before
1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c
assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Impacted - Fixed in 6.7R10.
Brocade 5600 vRouter
Impacted - Fixed in 3.5R6.
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not Impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Impacted – Disable SSLv2.
Brocade ServerIron ADX
Impacted – Fixed in 12.4.00r, 12.5.01e, and 12502d.
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Impacted - Upgrade appliances to version 10.1 and later.
Fixed in 9.9r1 for customers using the 9.9 LTS release.
Brocade vTM software customers are not affected.
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Impacted – Users of Services Controller VAs 2.0r1 or earlier
should upgrade to a newer version of the Services Controller.
Users of Services Controller s/w installs should consult their
OS vendors to ensure their systems are secure.
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Impacted - Upgrade to 4.9-35461.
Brocade Network Advisor
Impacted – Upgrade to 12.4.2.
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 13
Component: OpenSSL
CVSS: 2.63
CVE-2015-1787 – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1787
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when
client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote
attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a
length of zero.
Product
Current Assessment
Brocade SDN Controller
Not impacted
Brocade 5400 vRouter
Not impacted
Brocade 5600 vRouter
Not impacted
Brocade Fabric OS
Not impacted
Brocade Network OS
Not impacted
Brocade NetIron OS
Not impacted
Brocade FastIron OS
Not impacted
Brocade BigIron RX
Not impacted
ServerIron JetCore
Not impacted
Brocade ADX Series
Not impacted
Brocade Virtual ADX
Not impacted
Brocade Virtual Traffic Manager
(formerly Brocade SteelApp
Traffic Manager (STM))
Not impacted
Brocade Services Director
(formerly SteelApp Services
Controller (SSC))
Not impacted
Brocade Virtual Web Application
Firewall (formerly Brocade
SteelApp Application Firewall
(SAF))
Not impacted
Brocade Network Advisor
Not impacted
Brocade IronView Network
Manager
Not impacted
Brocade Data Center Fabric
Manager
Not impacted
Brocade Security Advisory ID: BSA-2015-004
Initial Publication Date: May 13, 2015
Revision: 6.0
Revision Date: April 7, 2017
Page 14
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL
PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY,
INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN
RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE’S CURRENT
KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO
BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT
TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Document Revision
Changes
1.0
Initial Publication
2.0
Change table format, added CVE information and assessment updates
3.0
Updated to address ServerIron ADX and Network OS
4.0
Updated to address NetIron OS
5.0
Updated to address 5400 vRouter, 5600 vRouter, Fabric OS, Network
OS, JetCore, Traffic Manager, Services Director, IronView, and BNA
6.0
Updated to address FOS
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
Broadcom OpenSSL Security Advisory 20150319 Vulnerability Assessment for Brocade User guide
- Type
- User guide
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
-
Broadcom Brocade Security Advisory 2016-006 User guide
-
-
-
-
Other documents
-
Brocade Communications Systems S3-1002483-03 User manual
-
-
Dell PowerConnect B-RX Owner's manual
-
Dell BigIron RX-4 Installation guide
-
-
-
-
-
-
Brocade E1MG-SX-OM Datasheet