09-10-2013 08:56 PM
Some security vulnerabilities on a Brocade switch running FOS 6.3.1a were detected by a customer's anti-virus program:
1. OpenSSH GSSAPI -- remote code execution
2. OpenSSH sshd Privilege Separation Monitor - unknown vulnerability
3. OpenSSH DoS
4. OpenSSH X11 Cookie -- bypass local authentication
All are defined as critical risk by this scanner program. Can it be fixed? By disabling some services, or by upgrading FOS?
09-11-2013 12:21 AM
I've never seen any such behavior in the past, and neither bugs nor defects are known to me.
What is the anti-virus software used by your customer?
09-11-2013 08:53 AM
Most likely the switch got scanned by an external (as in an appliance in the same network) vulnerability scanner like Nessus, but there are others.
During the scan the switch(es) got marked because of vulnerabilities in SSH, an open-source component used by Brocade.
On typical Unixes you could upgrade this individually.
As it's built into the FOS release I would not do this, but instead look into the following options.
From preferred to less preferred (at least in my opinion):
1. Upgrade your firmware if possible.
2. Migrate the management port to a shielded management VLAN.
3. Set up the switch IP filter to only accept a few IP addresses.
4. Disable (or block with ipfilters) the SSH service, but this leaves you with even more insecure CLI management, namely telnet.
Options 1, 2 and 3 can also be combined, which would make the management interface increasingly more secure.
09-18-2013 01:48 AM
Thanks for all the replies.
It should be caused by an older version of the OpenSSH program used in FOS 6.3.1a, and a FOS upgrade to 7.1x will update the program.