Brocade Fibre Channel Networking Community

Expand all | Collapse all

Need advice on the recent security vulnerabilities

  • 1.  Need advice on the recent security vulnerabilities

    Posted 06-10-2014 10:32 PM

    Hi Brocade,

     

    My customer has two DS 300B running at FOS 6.4.2.

    He is worry about the recent security vulnerabilities.

    Please advice if the switches is affected by the following vulnerabilities:

     

    • SSL/TLS Man-in-the-middle (MITM) vulnerability   (CVE-2014-0224)
    • DTLS recursion flaw   (CVE-2014-0221)
    • DTLS invalid fragment vulnerability   (CVE-2014-0195)
    • SSL_MODE_RELEASE_BUFFERS NULL pointer deference   (CVE-2014-0198)
    • SSL_MODE_RELEASE_BUFFERS session injection or denial of service   (CVE-2010-5298)
    • Anonymous ECDH denial of service   (CVE-2014-3470)

    #BrocadeFibreChannelNetworkingCommunity
    #OpenSSL


  • 2.  Re: Need advice on the recent security vulnerabilities

    Posted 06-17-2014 07:42 AM

    Hi,

     

    In the following link: 

    http://www.brocade.com/services-support/drivers-downloads/oscd/oscd_listings.page

     

    you can see all the Open source code tools used by each FOS release, so that you can go to FOS 6.4 and check if the version used is affected by each of the CVEs.

     

    Rgds,

    Felipon


    #BrocadeFibreChannelNetworkingCommunity
    #opensourcecode
    #cve
    #vulnerabilities