TSB 2009-070-A
PRODUCTS AFFECTED:
BULLETIN OVERVIEW
As described in Cert Advisory 120541, the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols are vulnerable. The web server on Brocade devices using these
protocols exhibits the vulnerability in the renegotiation mechanism of the SSL handshake
(noted by Cert Advisory 120541).
Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade.
Please contact your primary service provider for further information regarding this topic and
its applicability to your environment.
2009 Brocade Communications Systems, Inc. All Rights Reserved. TSB 2009-070-A
PROBLEM STATEMENT
The vulnerability is in the mechanism used by the SSL and TLS protocols to allow renegotiation
requests. It may allow a Man-In-The-Middle (MitM) to inject arbitrary requests into an
application's HTTP protocol stream. This could result in a situation where the MitM is able to
reload Brocade IP switches and routers through the web-management interface.
RISK ASSESSMENT
All Brocade customers with network deployments of the following products are at risk of a MitM
attack:
Brocade FastIron series (SX/FX/FGS/FLS/FCX/FES/Jetcore)
Brocade BigIron series (RX/Jetcore)
Brocade NetIron series (XMR/MLX)
Brocade ServerIron series
Brocade IronView Network Management (INM)
SYMPTOMS
A MitM may establish an SSL negotiation with the web server and hijack the client's SSL connection.
Because of this, the MitM may be able to inject an arbitrary number of chosen requests at the
beginning of the HTTP protocol stream. The server prefixes the MitM's request to the client's
request, thereby executing the MitM's request.
WORKAROUND
FastIron, BigIron, and NetIron series workaround:
1.
2.
ServerIron series:
1.
2.
INM:
1.
The OpenSSL library version is being upgraded to release 0.9.8l in the INM 3.2.00a
Service Pack, available Dec 17, 2009. OpenSSL library version 0.9.8l disables
renegotiation by default as a workaround for CERT advisory 120541 / CVE-2009-3555.
CORRECTIVE ACTION
FastIron, BigIron and NetIron series:
1.
2.
b.
8.0.1x
ii.
7804x
iii. 9400x
2. Long term fix:
a.
ServerIron series:
1.
2.
b.
For additional information on Cert Advisory 120541, please refer to the links listed below:
http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
https://bugzilla.redhat.com/show_bug.cgi?id=533125
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
http://cvs.openssl.org/chngview?cn=18790
http://www.links.org/files/no-renegotiation-2.patch
http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html