Connectrix B-Series: GNU Glibc Vulnerable to Memory Corruption using Heap Buffer Overflow

Summary: GNU Glibc contains a memory corruption vulnerability that overflows the heap buffer by one or several bytes during an 'assert()' failure (CVE-2025-0395).


Symptoms

The corruption occurs when the assert() function fails under specific conditions. 

Cause

Heap buffer overflows are known to result in severe damage to the program's confidentiality, integrity, and availability. However, the credited researchers have only demonstrated denial of service (DoS) through a segmentation fault, and the vendor believes that the vulnerability is relatively minor. It may only be exploited using custom setuid programs, and none of the known and default UNIX programs are affected.

Resolution

Products Affected

  • Brocade Fabric OS versions 9.1.0 through 9.2.1b and 9.2.2
  • Brocade SANnav base OS (OVA deployment) versions before 2.4.0a
  • Brocade ASCG base OS (OVA deployment) versions before 3.3.0

Products Confirmed Not Affected

  • Brocade Fabric OS versions 9.0.0 through 9.0.1e1 - [VEX Justification: Vulnerable_code_not_present]
  • Brocade Fabric OS versions before 9.0 - [VEX Justification: Component_not_present]
  • Brocade SANnav standard deployments are not affected by this vulnerability - [VEX Justification: Vulnerable_code_cannot_be_controlled_by_adversary]
  • Brocade ASCG standard deployments are not affected by this vulnerability - [VEX Justification: Vulnerable_code_cannot_be_controlled_by_adversary]

Solution

  • Security update provided in Brocade Fabric OS 9.2.1c and 9.2.2a
  • Security update provided in Brocade SANnav base OS (OVA deployment) 2.4.0a
  • SANnav base OS security updates are also provided in the sannav_ova_8x_os_05_2025 OVA patch, which can be applied to versions 2.3.0, 2.3.0a, 2.3.1, 2.3.1a, 2.3.1b, and 2.4.0
  • Security update provided in Brocade ASCG base OS (OVA deployment) 3.3.0
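
The Fabric OS ranges above can be checked against a switch inventory. The following is an added example, not Dell or Brocade code: it covers Fabric OS only, and the version-string shape, the sort order of letter and digit suffixes, the function names, and the sample inventory are all assumptions made for illustration.

```python
import re

# Assumed version shape: major.minor.patch, optional letter, optional digit
# (e.g. "9.2.1b", "9.0.1e1"). The sort order used here is an assumption.
_FOS = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([a-z]?)(\d*)$")

def parse_fos(version):
    """Return a sortable tuple for a Fabric OS version string, or None."""
    m = _FOS.match(version.strip().lower())
    if not m:
        return None
    major, minor, patch, letter, sub = m.groups()
    # "" sorts before "a", and a missing trailing digit sorts as 0.
    return (int(major), int(minor), int(patch), letter, int(sub or 0))

# Inclusive ranges and fix releases transcribed from the advisory text.
AFFECTED = [("9.1.0", "9.2.1b"), ("9.2.2", "9.2.2")]
NOT_AFFECTED = [("9.0.0", "9.0.1e1")]
FIXED = ("9.2.1c", "9.2.2a")

def _in_ranges(v, ranges):
    return any(parse_fos(lo) <= v <= parse_fos(hi) for lo, hi in ranges)

def classify_fos(version):
    """Map a Fabric OS version to the advisory's status for CVE-2025-0395."""
    v = parse_fos(version)
    if v is None:
        return "unparsable"
    if v in [parse_fos(f) for f in FIXED]:
        return "fixed"
    if v < parse_fos("9.0.0") or _in_ranges(v, NOT_AFFECTED):
        return "not_affected"
    if _in_ranges(v, AFFECTED):
        return "affected"
    return "unlisted"  # release the advisory does not name; check with the vendor

def triage(inventory):
    """Return {switch_name: status} for a {switch_name: version} mapping."""
    return {name: classify_fos(ver) for name, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory; switch names and versions are sample values.
    sample = {"sw-core-01": "v9.2.1b", "sw-core-02": "9.2.2a",
              "sw-edge-07": "9.0.1e1", "sw-edge-09": "8.2.3e",
              "sw-lab-03": "9.2.1b1"}
    for name, status in triage(sample).items():
        print(f"{name}: {status}")
```

Releases that fall outside every range the advisory names are reported as "unlisted" rather than guessed at.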

Affected Products

Connectrix B-Series Hardware
Article Properties
Article Number: 000355475
Article Type: Solution
Last Modified: 18 Sep 2025
Version: 2