Support Content Notification - Support Portal

BSA-2017-264

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21497

Last Updated

02 May 2017

Initial Publication Date

02 May 2017

Status

Closed

Severity

High

CVSS Base Score

8.0

WorkAround

N/A

Affected CVE

CVE-2017-3733

Summary
Security Advisory ID : BSA-2017-264
Component : OpenSSL
Revision : 1.0: Interim

During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.

Affected Products

Product	Current Assessment
Brocade Services Director	Impacted - Fixed in 2.3r1.

Products Confirmed Not Vulnerable

Brocade 5400 vRouter, Brocade 5600 vRouter, Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History

Version	Change	Date
1.0	Initial Publication	May 2, 2017

Summary Security Advisory ID : BSA-2017-264 Component : OpenSSL Revision : 1.0: Interim

Revision History

Summary
Security Advisory ID : BSA-2017-264
Component : OpenSSL
Revision : 1.0: Interim