BSA-2017-370

Brocade Fabric OS

2 more products

21431

27 October 2017

25 August 2017

Closed

High

8.8

N/A

CVE-2017-9445

Summary

Security Advisory ID : BSA-2017-370

Component : Systemd

Revision : 2.0: Interim

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.

Affected Products

Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.

Products Confirmed Not Vulnerable

Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade ServerIron ADX, Brocade SLX-OS, Brocade Virtual ADX, and Brocade Workflow Composer are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.


Revision History

Version Change Date
1.0 Initial Publication August 25, 2017
2.0 Updated to address ADX, vADX, & WC October 27, 2017