February 5, 2015

GNU C Library “GHOST” Vulnerability (CVE-2015-0235) Assessment for Brocade

Revision 3.0

Vulnerabilities:

On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The researchers at Qualys discovered a buffer overflow in one of the functions of the GNU C Library (glibc), aka the “GHOST” vulnerability, during an internal code audit. The vulnerability could be exploited remotely to run arbitrary code on the affected systems. This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0235.

Vulnerability Statement:

The details for this vulnerability can be found using the link to Qualys Advisory Summary:

Select Brocade products use the Linux library and may be impacted by this vulnerability. Brocade is working to develop a comprehensive plan to address this issue in all vulnerable products. This notice will be updated as more information becomes available. Where there are impacts and fixes, these will be published in product-specific TSBs.

Assessment of Vulnerability for Brocade Products

| Product | Current status |
| --- | --- |
| Brocade Network Advisor | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version. |
| Brocade Fabric OS Products | Not impacted: Contains the affected GNU C Library (glibc) but it is not accessible in FOS. |
| Brocade Network OS | Not impacted: Contains the affected GNU C Library (glibc) but it is not accessible in NOS. |
| Brocade NetIron OS Products | Not impacted |
| Brocade FastIron OS Products | Not impacted. |
| BigIron RX | Not impacted |
| Brocade ServerIron ADX | Not impacted. |
| Brocade ServerIron JetCore | Not impacted. |
| Brocade Virtual ADX | Impacted, please see TSB 2015-213-A for details |
| Brocade Vyatta vRouter | Under investigation. |
| Brocade Vyatta Controller | Not impacted but customers should check and update any underlying Linux libraries to a non-impacted version. |
| ARB | Not impacted. |
| Brocade ServerIron-XL | Not impacted. |
| IronView Network Manager | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version. |
| DCFM | As an application it is not impacted but customers should check and update any underlying Linux libraries to a non-impacted version. |
| Brocade Mobility Controllers | Under investigation. |
| Brocade Mobility Access Points | Under investigation. |

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE’S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

| Document Revision | Changes |
| --- | --- |
| 1.0 | First release |
| 2.0 | Updated to address Application Delivery products |
| 3.0 | Updated to address NetIron, FastIron and BigIron RX products |