|
Vulnerability Intel Express Switch Affected Intel Express Switch 550F (Firmware version 2.63 and 2.64) Description Following is based on VIGILANTE-2000007 Security Advisory. Based on the response from Intel (quoted below), it is very likely that other switches from the same series are also affected. By sending an IP packet, either to the Intel Express 550F or a host behind it, with a malformed IP-header, the box crashes. To restart it, you need to pull the plug (the reset button also looses functionality). Solution Intel was contacted on the 18th of July, and on the 21st of July a beta fix was produced. Regression testing on the fix is not yet complete. Fix (quote from the vendor): "We're still working on a solution for you. Until then, I would advise that any reporting from you/your company, of this issue with the 500 series switches MUST include a statement which indicates contacting Intel® Customer Support for a fix. Following this, Intel® Customer Support will send the patch to the customer(s). For a list of phone numbers to get in touh with us, please refer to the following URL: http://www.intel.com/support/9089.htm