Vulnerability

    Intel Express Switch

Affected

    Intel Express Switch 550F (Firmware version 2.63 and 2.64)

Description

    Following is based on VIGILANTE-2000007 Security Advisory.   Based
    on the response from Intel (quoted below), it is very likely  that
    other switches from the same series are also affected.

    By sending an  IP packet, either  to the Intel  Express 550F or  a
    host behind it, with a  malformed IP-header, the box crashes.   To
    restart  it,  you  need  to  pull  the plug (the reset button also
    looses functionality).

Solution

    Intel was contacted on the 18th  of July, and on the 21st  of July
    a beta fix was produced.  Regression testing on the fix is not yet
    complete.  Fix (quote from  the vendor):  "We're still  working on
    a solution for you.  Until then, I would advise that any reporting
    from you/your company, of this issue with the 500 series  switches
    MUST  include  a  statement  which  indicates  contacting   Intel®
    Customer  Support  for  a  fix.   Following  this, Intel® Customer
    Support will send  the patch to  the customer(s).   For a list  of
    phone  numbers  to  get  in  touh  with  us,  please  refer to the
    following URL:

        http://www.intel.com/support/9089.htm