Broadcom Brocade Assessment GNU C Library SA User guide

Brand: Broadcom

Model: Brocade Assessment GNU C Library SA

Type: User guide

February 13, 2015

GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade

Revision 5.0

Vulnerabilities:

On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The researchers at

Qualys discovered a buffer overflow in one of the functions of the GNU C Library (glibc), aka the

“GHOST” vulnerability, during an internal code audit. The vulnerability could be exploited remotely to run

arbitrary code on the affected systems.

This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-

0235.

Vulnerability Statement: The details for this vulnerability can be found using the

link to Qualys Advisory

Summary: Select Brocade products use the Linux library and and may be impacted by this vulnerability.

Brocade is working to develop a comprehensive plan to address this issue in all vulnerable products.

This notice will be updated as more information becomes available. Where there are impacts and fixes

these will be published in product-specific TSBs.

Assessment of Vulnerability for Brocade Products

Product

Current status

Brocade Network

Advisor

As an application it is not impacted but customers should check and

update any underlying Linux libraries to a non-impacted version.

Brocade Fabric OS

Products

Not impacted: FOS v7.3.0 and later do not contain an affected GNU C

Library. FOS versions prior to v7.3.0 contain an affected GNU C Library

(glibc version 2.3.6), however, there is no externally available interface that

can invoke the vulnerable functions. As such, there is no exposure in any

versions of FOS to this vulnerability.sible in FOS.

Brocade Network

Not impacted: Contains the affected GNU C Library (glibc) but it is not

accessible in NOS.

Brocade NetIron

OS Products

Not impacted

Brocade FastIron

OS Products

Not impacted.

BigIron RX

Not impacted

Brocade

ServerIron ADX

Not impacted.

Brocade

ServerIron JetCore

Not impacted.

Brocade Virtual

ADX

Impacted, please see TSB 2015-213-A for details

page 2

Product

Current status

Brocade Vyatta

vRouter

Impacted, for

 5600 product: this is fixed in 3.2.1R5

 5400 product: will be part of 6.7R6

Brocade Vyatta

Controller

Not impacted but customers should check and update any underlying Linux

libraries to a non-impacted version.

ARB

Not impacted.

Brocade

ServerIron-XL

Not impacted.

IronView Network

Manager

As an application it is not impacted but customers should check and

update any underlying Linux libraries to a non-impacted version.

DCFM

As an application it is not impacted but customers should check and

update any underlying Linux libraries to a non-impacted version.

Brocade Mobility

Controllers

Under investigation.

Brocade Mobility

Access Points

Under investigation.

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES

AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES

OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE

INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED

HEREIN IS BASED ON BROCADE’S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE

VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS.

BROCADE

RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

Document Revision

Changes

1.0

First release

2.0

Updated to address Application Delivery products

3.0

Updated to address NetIron, FastIron and bigIron RX products

4.0

Upddated to address Brocade Vyatta vRouter

5.0

Updated FOS response to provide more explaination

Broadcom Brocade Assessment GNU C Library SA User guide

Broadcom Brocade Assessment GNU C Library SA User guide

Broadcom Brocade Assessment GNU C Library SA User guide

Related papers

Other documents