The purpose of this post is to provide information regarding the recently disclosed vulnerability in the OpenSSL protocol documented by CVE-2014-0160 and also known as “The Heartbleed bug.” This vulnerability takes advantage of the heartbeat extensions to the OpenSSL protocol (RFC6520).
Brocade’s family of SAN products offerting Fabric OS (FOS) software and IP products ADX, FCX, ICX, MLX, MLX-E, XMR CES, CER, RX, SX, VDX offering ServerIron, FastIron, NetIron, RX, Network OS (NOS), Brocade Network Advisor, Vyatta and vADX software do not make use of the heartbeat extensions and hence are not vulnerable to the exploit documented in CVE-2014-0160. In addition, the MyBrocade.com web site does not use OpenSSL and is not vulnerable to this issue.
Links to the CVE detailing out the "bug":
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
OpenSSL vulnerability listing on CERT site:
http://www.kb.cert.org/vuls/id/720951
