Technical Support Bulletins

Description: Brocade Network Advisor (BNA) includes an unused code path that is vulnerable to the Heartbleed bug within its PostgreSQL database package. BNA may become vulnerable to the Heartbleed bug if a customer attempts to enable SSL in the PostgreSQL database packaged within BNA. One would have to go into the low level configuration files within the PostgreSQL database package files in BNA and configure the product in such a way to expose the vulnerability which is neither documented nor supported. SSL is not enabled on the PostgreSQL database and is not a supported or documented configuration. Even though PostgreSQL has the ability to support SSL encrypted database connections via an SSL enabled ODBC client, this would not be a typical end user configuration, and exposure of the PostgreSQL database to Heartbleed would not yield any useful information to a would be attacker as the sensitive information in the database itself is encrypted.