Summary

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Note

Brocade Fabric OS performs proper validation on SSH connections made with the switch or director.  Standard behavior for connectivity initiated by the Brocade Fabric OS with external servers uses SCP or SFTP which also has proper validation to avoid this vulnerability for opertations intiatived by internal Fabric OS functions.  Brocade Fabric OS is only exposed if a user attempts to use inline connectivity to an external server from the switch which requires the attacker to first log into the switch.  Inline mitigations exist for all standard FOS operations, including SSH connections initiated externally to the switch.

Products Affected

• Brocae Fabric OS versions before 9.2.0c3, and 9.2.1 through 9.2.1a1
• Brocade SANnav versions before 2.3.0a and in version 2.3.1
• Brocade ASCG versions before 3.1.0

Solution

• Security update provided in Brocade Fabric OS 9.2.0c3, 9.2.1b and 9.2.2
• Security update provided in Brocade SANnav 2.3.0a and 2.3.1a
• Security update provided in Brocade ASCG 3.1.0

Revision History

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.