BSA-2017-270
21423
09 September 2017
17 May 2017
Closed
Medium
5.8
N/A
CVE-2014-2653
Summary
Security Advisory ID : BSA-2017-270
Component : OpenSSH
Revision : 2.0: Interim
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Affected Products
Product | Current Assessment |
Brocade Services Director | Impacted: Fixed in 2.4. |
Brocade SLX-OS | Impacted: Fixed in 17R.2.0. |
Products Confirmed Not Vulnerable
Brocade FastIron OS, Brocade NetIron OS, Brocade ServerIron ADX, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | May 17, 2017 |
2.0 | Updated to address SLX-OS | September 8, 2017 |