
TECHNICAL SUPPORT BULLETIN

December 17, 2009

TSB 2009-070-A

SEVERITY: Critical Service Impact

PRODUCTS AFFECTED:

Brocade FastIron series (SX/FX/FGS/FLS/FCX/FES/JetCore)
Brocade BigIron series (RX/JetCore)
Brocade NetIron series (XMR/MLX)
Brocade ServerIron series
Brocade IronView Network Management (INM)
CORRECTED IN RELEASE:
Once the SSL/TLS protocol is updated to resolve this vulnerability, Brocade will issue patches for the
affected products.

BULLETIN OVERVIEW
As described in Cert Advisory 120541, the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols are vulnerable in the re-negotiation portion of the SSL handshake. The
web server on Brocade devices that use these protocols exhibits this vulnerability (noted by Cert
Advisory 120541).

Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that
have a direct, entitled, support relationship in place with Brocade.
Please contact your primary service provider for further information regarding this topic and its
applicability to your environment.

2009 Brocade Communications Systems, Inc. All Rights Reserved. TSB 2009-070-A

PROBLEM STATEMENT
The vulnerability is in the mechanism used by the SSL and TLS protocols to allow renegotiation
requests. It may allow a Man-In-The-Middle (MitM) to inject arbitrary requests into an
application's HTTP protocol stream. On Brocade IP switches and routers this could result in a
situation where the MitM reloads the device through the web-management interface.

RISK ASSESSMENT
All Brocade customers with network deployments of the following products are at risk of a MitM
attack:
Brocade FastIron series (SX/FX/FGS/FLS/FCX/FES/JetCore)
Brocade BigIron series (RX/JetCore)
Brocade NetIron series (XMR/MLX)
Brocade ServerIron series
Brocade IronView Network Management (INM)

SYMPTOMS
A MitM may establish an SSL negotiation with the web server and hijack the client's SSL
connection. Because of this, the MitM may be able to inject an arbitrary amount of chosen requests
into the beginning of the HTTP protocol stream. The server prefixes the MitM's request to the
client's request, thereby executing the MitM's request.

WORKAROUND
FastIron, BigIron, and NetIron series workaround:
1. Temporarily disable web-management.
2. Configuration command: no web-management

ServerIron series:
1. Disable Web Management.
2. For SI 4G-SSL, WSM6-SSL-1, WSM6-SSL-2, SRVC-SSL-1, and SRVC-SSL-2: upgrade to 10.2.01m
   to address the vulnerability of the SSL features.

INM:
1. The OpenSSL library version is being upgraded to release 0.9.8l in the INM 3.2.00a Service
   Pack, available Dec 17 '09. OpenSSL library version 0.9.8l disables renegotiation by default
   as a workaround for CERT advisory 120541/CVE-2009-3555.


CORRECTIVE ACTION
FastIron, BigIron and NetIron series:
1. Short term fix:
   a. Patch for the web-server to disable the re-negotiation.
   b. The patches disabling the re-negotiation feature are targeted to be available 1H 2010.
2. Long term fix:
   a. Once the SSL/TLS protocol is updated to resolve this vulnerability, Brocade will issue
      a patch.

BigIron/NetIron JetCore series:
1. Short term fix:
   a. The following patches disabling the re-negotiation are targeted to be available 1H 2010:
      i.   8.0.1x
      ii.  7804x
      iii. 9400x
2. Long term fix:
   a. Once the SSL/TLS protocol is updated to resolve this vulnerability, Brocade will issue
      a patch.

ServerIron series:
1. Short term fix:
   a. A ServerIron configured with the ssl ssl-terminate or ssl ssl-proxy command is vulnerable
      to Man-in-the-middle attacks. Patch 10.2.01m was released Dec 1 '09 for JetCore ServerIron
      platforms (WSM6-SSL & SI4G-SSL). With this fix, SSL renegotiation is disabled on the JetCore
      ServerIron platforms.
   b. The upcoming SSL offering on the ServerIron ADX platform, planned for release in January
      2010, will include this fix as well.
2. Long term fix:
   a. Once the SSL/TLS protocol is updated to resolve this vulnerability, Brocade will issue
      a patch.

For additional information on Cert Advisory 120541, please refer to the links listed below:
http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://www.links.org/?p=786
http://www.links.org/?p=789
http://blogs.iss.net/archive/sslmitmiscsrf.html
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
https://bugzilla.redhat.com/show_bug.cgi?id=533125
http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html
http://cvs.openssl.org/chngview?cn=18790
http://www.links.org/files/no-renegotiation-2.patch
http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html