- EXOS 15.X.X and 16.1.X
- X-Series Secure Core Router
The vulnerability for the following products have currently not been determined:
All other Extreme Networks products are NOT vulnerable to VN-2015-002.
- Security Information & Event Manager
- Summit WM3000 Series
All products that run ExtremeXOS (EXOS) software are vulnerable to VN-2015-002 Leap Second if NTP is configured and enabled on the switch. NOTE: SNTP is not affected by this vulnerability.
X-Series Secure Core Router
- Vulnerable Component: Kernel
- Conditions when component vulnerability occurs: While logging a leap second via printk, kernel deadlock can occur due to bad locking.
- Product version(s) affected: All EXOS products
- Workaround: Disable ntpd for at least 24 hours before leap second period (command: "disable ntp".)
- Target Fix Release: EXOS 16.2.1 See: VN 2015 002 Leap Second
- Target Fix Timeframe: March, 2016
Further details can be found in the official vulnerability notice: VN 2015 002 Leap Second
- Vulnerable Component: TBD
- Describe conditions when component Vulnerability occurs (why/when/how): When the Linux kernel processes a NTP add second or delete second event, it may suffer a deadlock while trying to log an informational message. The chances of this may be greater when a system is busy.
- Product version(s) affected: All active X-Series releases use a vulnerable Linux kernel version.
- Workaround: Disable NTP at least 24 hours before the date of each upcoming leap second. Wait a day after the leap second and then re-enable NTP.
- Target Fix Release: TBD
- Target Month for Fix Release: TBD