Broadcom Brocade Assessment GNU C Library SA User guide

Type
User guide
February 13, 2015
GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade
Revision 5.0
Vulnerabilities:
On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. Researchers at Qualys discovered a buffer overflow in one of the functions of the GNU C Library (glibc), known as the “GHOST” vulnerability, during an internal code audit. The vulnerability could be exploited remotely to run arbitrary code on the affected systems.
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0235.
Vulnerability Statement: The details for this vulnerability can be found using the link to Qualys Advisory
Summary: Select Brocade products use the Linux library and may be impacted by this vulnerability. Brocade is working to develop a comprehensive plan to address this issue in all vulnerable products. This notice will be updated as more information becomes available. Where there are impacts and fixes, these will be published in product-specific TSBs.
Assessment of Vulnerability for Brocade Products
Product | Current status
Brocade Network Advisor | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version.
Brocade Fabric OS Products | Not impacted: FOS v7.3.0 and later do not contain an affected GNU C Library. FOS versions prior to v7.3.0 contain an affected GNU C Library (glibc version 2.3.6); however, there is no externally available interface that can invoke the vulnerable functions. As such, there is no exposure in any versions of FOS to this vulnerability.
Brocade Network OS | Not impacted: Contains the affected GNU C Library (glibc) but it is not accessible in NOS.
Brocade NetIron OS Products | Not impacted
Brocade FastIron OS Products | Not impacted.
BigIron RX | Not impacted
Brocade ServerIron ADX | Not impacted.
Brocade ServerIron JetCore | Not impacted.
Brocade Virtual ADX | Impacted, please see TSB 2015-213-A for details
Brocade Vyatta vRouter | Impacted. For 5600 product: this is fixed in 3.2.1R5. For 5400 product: will be part of 6.7R6.
Brocade Vyatta Controller | Not impacted but customers should check and update any underlying Linux libraries to a non-impacted version.
ARB | Not impacted.
Brocade ServerIron-XL | Not impacted.
IronView Network Manager | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version.
DCFM | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version.
Brocade Mobility Controllers | Under investigation.
Brocade Mobility Access Points | Under investigation.
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES
AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE
INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED
HEREIN IS BASED ON BROCADE’S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE
VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS.
BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Document Revision | Changes
1.0 | First release
2.0 | Updated to address Application Delivery products
3.0 | Updated to address NetIron, FastIron and BigIron RX products
4.0 | Updated to address Brocade Vyatta vRouter
5.0 | Updated FOS response to provide more explanation