Brocade BigIron RX switch ACL bypass vulnerability

2011-07-13T00:00:00
ID VU:853246
Type cert
Reporter CERT
Modified 2012-02-03T21:02:00

Description

Overview

Brocade BigIron RX switch devices are susceptible to an access control list (ACL) bypass vulnerability by sending packets with the source port 179.

Description

Brocade BigIron RX switch devices do not properly restrict packets sent with a source port of 179. Port 179 is commonly used for Border Gateway Protocol (BGP) communication. It has been reported that individual packets with a source port of 179 are allowed through, as well as full SSH and RDP sessions.


Impact

A remote unauthenticated attacker can bypass any ACL rule on a BigIron RX switch device.


Solution

Apply an Update

Brocade has created software defect 355173 for this issue. The following patch releases address this vulnerability: RX 2.8.00a, 2.7.03b, and 2.7.02l. Customers should contact Brocade support to download these updates.


Workaround

Do not depend on BigIron RX switch devices to provide restricted access to any network infrastructure. Use a separate trusted firewall device to restrict access.


Vendor Information


Brocade

Notified: June 06, 2011 Updated: July 25, 2011

Status

__ Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Technical Support Bulletin

July 21, 2011

TSB 2011-118-A
SEVERITY: High – Operational

**PRODUCTS AFFECTED:**

BigIron RX running all releases.

**CORRECTED IN RELEASE:**

Will be fixed in RX 2.7.02l, 2.7.03b, and 2.8.00a releases.

**Bulletin Overview**

BigIron RX switch does not properly restrict packets sent with a source port of 179. Port 179 is commonly used for Border Gateway Protocol (BGP) communication. These packets are allowed through the system. This has been reported by US-CERT <http://www.kb.cert.org/vuls/id/853246>

Brocade produces and publishes Technical Support Bulletins to OEMs, partners and customers that have a direct, entitled, support relationship in place with Brocade.

Please contact your primary service provider for further information regarding this topic and applicability for your environment.

**Problem Statement**

BigIron RX switch does not properly restrict packets sent with a source port of 179. Port 179 is commonly used for Border Gateway Protocol (BGP) communication. These packets are allowed through the system. This has been reported by US-CERT <http://www.kb.cert.org/vuls/id/853246>

The BigIron RX is using internal ACLs to set the priority of BGP traffic that is received on an interface. This priority is given to traffic sent or received by a peer. This priority is used internally in the RX when packets are forwarded both through the switch and to the control CPU. This is done to prefer BGP control traffic over other non-control traffic.

ACLs are processed using a CAM (Content Addressable Memory) in the RX. A CAM works by comparing entries sequentially. The internal ACL is located in the first area of the CAM before user ACLs. So when a user ACL to deny BGP traffic is added it does not get used because the internal ACL is processed first.

**Risk assessment**

Some unwanted TCP packets may be forwarded by the BigIron RX. This could present a security violation for the customer.

**Symptoms**

ACLs added by the customer to restrict certain types of TCP traffic from being forwarded by the BigIron RX may not work. For example, if a customer added an ACL to drop all BGP traffic on an interface, it will not work.

**Workaround**

No workaround.

**Corrective Action**

Software defect 355173 has been created for this issue. This fix will be available in the following patch releases: RX 2.8.00a, 2.7.03b, and 2.7.02l.
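The Problem Statement above explains the bypass as an ordering effect: the internal BGP-priority entry sits ahead of user ACLs in the CAM, so a first-match lookup never reaches a user deny. The following added example (not Brocade's or CERT's code) models that lookup so an administrator can diff the intended policy against the effective one; the internal entry, the user ACL and the sample packets are constructed assumptions, not the switch's real CAM contents.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class AclEntry:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src_port: Optional[int] = None   # None matches any port
    dst_port: Optional[int] = None
    name: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port))

# Assumed shape of the internal entry that prioritises BGP (TCP port 179) traffic.
INTERNAL_BGP = [AclEntry("permit", "tcp", src_port=179, name="internal-bgp-src"),
                AclEntry("permit", "tcp", dst_port=179, name="internal-bgp-dst")]

def lookup(cam: List[AclEntry], p: Packet) -> str:
    """First matching entry wins; an implicit deny closes the list."""
    for entry in cam:
        if entry.matches(p):
            return entry.action
    return "deny"

def effective_cam(user_acl: List[AclEntry]) -> List[AclEntry]:
    """Order described in the bulletin: internal entry before user ACLs."""
    return INTERNAL_BGP + user_acl

def policy_gaps(user_acl: List[AclEntry], traffic: List[Packet]) -> List[Packet]:
    """Packets whose effective verdict differs from what the user ACL alone would give."""
    return [p for p in traffic
            if lookup(user_acl, p) != lookup(effective_cam(user_acl), p)]

# Constructed user policy: block SSH, permit everything else.
USER_ACL = [AclEntry("deny", "tcp", dst_port=22, name="block-ssh"),
            AclEntry("permit", "any", name="allow-rest")]
SSH_NORMAL = Packet("203.0.113.5", "192.0.2.1", "tcp", 51234, 22)   # denied as intended
SSH_FROM_179 = Packet("203.0.113.5", "192.0.2.1", "tcp", 179, 22)   # slips past the deny
```

`policy_gaps` is the audit step: run it over a representative flow sample and every packet it returns is one the device forwards against the written policy, which is the traffic the separate firewall in the Workaround must catch.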

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | | N/A

References

<http://www.brocade.com/products/all/switches/product-details/bigiron-rx-series/index.page>

Credit

Thanks to Bashar Ewaida for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Field | Value
---|---
CVE IDs: | CVE-2011-4884
Severity Metric: | 0.28
Date Public: | 2011-07-13
Date First Published: | 2011-07-13
Date Last Updated: | 2012-02-03 21:02 UTC
Document Revision: | 24