BSA-2017-258
Summary
Security Advisory ID : BSA-2017-258
Component : ECDHE Parameters
Revision : 1.0: Interim
If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer<br>leading to a client crash. This could be exploited in a Denial of Service attack.
Affected Products
Product | Current Assessment |
---|---|
Brocade Services Director | Impacted: Fixed in 2.3r1 and later. |
Products Confirmed Not Vulnerable
Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network OS, Brocade ServerIronADX, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 2, 2017 |