
Vulnerability in glibc or libc6 also for layer 7 gateways?

Question asked by richardb80 on Mar 11, 2016
Latest reply on Mar 11, 2016 by burpr01

Hi all,

Today a co-worker informed me about vulnerability CVE-2015-7547. Description on the CVE website:

Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

At this point, we have 1 version 8.2 gateway and we recently updated the test gateway to 9.0 with the latest security patches on it.

Does anyone know if this will affect both versions and mean patches are needed?

 

Regards,

Richard Bovens
