BSA-2017-248
21393
28 April 2017
28 April 2017
Closed
High
8.6
N/A
CVE-2016-10142
Summary
Security Advisory ID : BSA-2017-248
Component : IPV6
Revision : 1.0: Interim
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946].
Affected Products
| Product | Current Assessment |
|---|---|
| Brocade FastIron OS | Impacted: Fixed in 08.0.61. |
| Brocade NetIron OS | Impacted: Fixed in 6.2. |
| Brocade ServerIron ADX | Impacted: Fixed in 12.5.02p. |
Products Confirmed Not Vulnerable
Brocade Network Advisor, Brocade Network OS, Brocade SDN Controller, and Brocade Services Director are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | August 25, 2017 |
| 1.0 | Initial Publication | April 28, 2017 |