February 13, 2015
GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade
Revision 5.0
Vulnerabilities:
On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The researchers at
Qualys discovered a buffer overflow in one of the functions of the GNU C Library (glibc), aka the
“GHOST” vulnerability, during an internal code audit. The vulnerability could be exploited remotely to run
arbitrary code on the affected systems.
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0235.
Vulnerability Statement: The details for this vulnerability can be found using the
link to Qualys Advisory
Summary: Select Brocade products use the Linux library and may be impacted by this vulnerability.
Brocade is working to develop a comprehensive plan to address this issue in all vulnerable products.
This notice will be updated as more information becomes available. Where there are impacts and fixes,
these will be published in product-specific TSBs.
Assessment of Vulnerability for Brocade Products
As an application it is not impacted but customers should check and
update any underlying Linux libraries to a non-impacted version.
Brocade Fabric OS Products
Not impacted: FOS v7.3.0 and later do not contain an affected GNU C
Library. FOS versions prior to v7.3.0 contain an affected GNU C Library
(glibc version 2.3.6); however, there is no externally available interface that
can invoke the vulnerable functions. As such, there is no exposure in any
versions of FOS to this vulnerability.
Not impacted: Contains the affected GNU C Library (glibc) but it is not
accessible in NOS.
Brocade NetIron OS Products
Brocade FastIron OS Products
Brocade ServerIron JetCore
Impacted, please see TSB 2015-213-A for details