Fibre Channel (SAN)

Reply
New Contributor
Posts: 4
Registered: ‎05-13-2013

Need advice on the recent security vulnerabilities

Hi Brocade,

 

My customer has two DS 300B running at FOS 6.4.2.

He is worry about the recent security vulnerabilities.

Please advice if the switches is affected by the following vulnerabilities:

 

  • SSL/TLS Man-in-the-middle (MITM) vulnerability   (CVE-2014-0224)
  • DTLS recursion flaw   (CVE-2014-0221)
  • DTLS invalid fragment vulnerability   (CVE-2014-0195)
  • SSL_MODE_RELEASE_BUFFERS NULL pointer deference   (CVE-2014-0198)
  • SSL_MODE_RELEASE_BUFFERS session injection or denial of service   (CVE-2010-5298)
  • Anonymous ECDH denial of service   (CVE-2014-3470)
Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: Need advice on the recent security vulnerabilities

Hi,

 

In the following link: 

http://www.brocade.com/services-support/drivers-downloads/oscd/oscd_listings.page

 

you can see all the Open source code tools used by each FOS release, so that you can go to FOS 6.4 and check if the version used is affected by each of the CVEs.

 

Rgds,

Felipon

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook