var-201509-0438
Vulnerability from variot

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users.

It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: glibc security, bug fix, and enhancement update Advisory ID: RHSA-2015:2199-07 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2199.html Issue date: 2015-11-19 CVE Names: CVE-2013-7423 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781 =====================================================================

  1. Summary:

Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423)

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. (CVE-2015-1781)

A heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. (CVE-2015-1472, CVE-2015-1473)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. (BZ#1195762)

A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application. (BZ#1197730)

The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.

These updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal:

https://access.redhat.com/articles/2050743

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1064066 - Test suite failure: test-ldouble 1098042 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out 1144133 - calloc in dl-reloc.c computes size incorrectly 1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load 1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf 1195762 - glibc: _IO_wstr_overflow integer overflow 1197730 - glibc: potential denial of service in internal_fnmatch() 1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer 1207032 - glibc deadlock when printing backtrace from memory allocator 1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf 1219891 - Missing define for TCP_USER_TIMEOUT in netinet/tcp.h 1225490 - [RFE] Unconditionally enable SDT probes in glibc builds.

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: glibc-2.17-105.el7.src.rpm

aarch64: glibc-2.17-105.el7.aarch64.rpm glibc-common-2.17-105.el7.aarch64.rpm glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-devel-2.17-105.el7.aarch64.rpm glibc-headers-2.17-105.el7.aarch64.rpm glibc-utils-2.17-105.el7.aarch64.rpm nscd-2.17-105.el7.aarch64.rpm

ppc64: glibc-2.17-105.el7.ppc.rpm glibc-2.17-105.el7.ppc64.rpm glibc-common-2.17-105.el7.ppc64.rpm glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-devel-2.17-105.el7.ppc.rpm glibc-devel-2.17-105.el7.ppc64.rpm glibc-headers-2.17-105.el7.ppc64.rpm glibc-utils-2.17-105.el7.ppc64.rpm nscd-2.17-105.el7.ppc64.rpm

ppc64le: glibc-2.17-105.el7.ppc64le.rpm glibc-common-2.17-105.el7.ppc64le.rpm glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-devel-2.17-105.el7.ppc64le.rpm glibc-headers-2.17-105.el7.ppc64le.rpm glibc-utils-2.17-105.el7.ppc64le.rpm nscd-2.17-105.el7.ppc64le.rpm

s390x: glibc-2.17-105.el7.s390.rpm glibc-2.17-105.el7.s390x.rpm glibc-common-2.17-105.el7.s390x.rpm glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-devel-2.17-105.el7.s390.rpm glibc-devel-2.17-105.el7.s390x.rpm glibc-headers-2.17-105.el7.s390x.rpm glibc-utils-2.17-105.el7.s390x.rpm nscd-2.17-105.el7.s390x.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-static-2.17-105.el7.aarch64.rpm

ppc64: glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-static-2.17-105.el7.ppc.rpm glibc-static-2.17-105.el7.ppc64.rpm

ppc64le: glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-static-2.17-105.el7.ppc64le.rpm

s390x: glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-static-2.17-105.el7.s390.rpm glibc-static-2.17-105.el7.s390x.rpm

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2013-7423 https://access.redhat.com/security/cve/CVE-2015-1472 https://access.redhat.com/security/cve/CVE-2015-1473 https://access.redhat.com/security/cve/CVE-2015-1781 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/2050743

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWTkEYXlSAg2UNWIIRAueyAJ98kB1kgF2zvCkEn5k70+Aq5ynM3QCfS8Lx xSL2O69mtC2Sh4D4RYIP+2k= =MEoD -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

The CVE-2015-7547 vulnerability listed below is considered to have critical impact.

CVE-2014-8121

Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups.  This could cause the enumeration enter an
endless loop, leading to a denial of service.  Most applications are not
affected by this vulnerability because they use aligned buffers.

CVE-2015-7547

The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution.  This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.

CVE-2015-8776

Adam Nielsen discovered that if an invalid separated time value
is passed to strftime, the strftime function could crash or leak
information.  Applications normally pass only valid time
information to strftime; no affected applications are known.

CVE-2015-8777

Hector Marco-Gisbert reported that LD_POINTER_GUARD was not
ignored for SUID programs, enabling an unintended bypass of a
security feature.  This update causes eglibc to always ignore the
LD_POINTER_GUARD environment variable.

CVE-2015-8778

Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
functions did not check the size argument properly, leading to a
crash (denial of service) for certain arguments.  No impacted
applications are known at this time.

CVE-2015-8779

The catopen function contains several unbound stack allocations
(stack overflows), causing it the crash the process (denial of
service).  No applications where this issue has a security impact
are currently known.

The following fixed vulnerabilities currently lack CVE assignment:

Joseph Myers reported discovered that an integer overflow in the
strxfrm can lead to heap-based buffer overflow, possibly allowing
arbitrary code execution.  In addition, a fallback path in strxfrm
uses an unbounded stack allocation (stack overflow), leading to a
crash or erroneous application behavior.

Kostya Serebryany reported that the fnmatch function could skip
over the terminating NUL character of a malformed pattern, causing
an application calling fnmatch to crash (denial of service).  On
GNU/Linux systems, wide-oriented character streams are rarely
used, and no affected applications are known.

Andreas Schwab reported a memory leak (memory allocation without a
matching deallocation) while processing certain DNS answers in
getaddrinfo, related to the _nss_dns_gethostbyname4_r function. 
This vulnerability could lead to a denial of service.

While it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade.

For the oldstable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u10.

We recommend that you upgrade your eglibc packages. 6) - i386, x86_64

This update also fixes the following bug:

  • Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. ========================================================================== Ubuntu Security Notice USN-2985-2 May 26, 2016

eglibc, glibc regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

USN-2985-1 introduced a regression in the GNU C Library.

Software Description: - glibc: GNU C Library - eglibc: GNU C Library

Details:

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.

We apologize for the inconvenience.

Original advisory details:

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). (CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. (CVE-2016-3075)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libc-bin 2.21-0ubuntu4.3 libc6 2.21-0ubuntu4.3 libc6-dev 2.21-0ubuntu4.3

Ubuntu 14.04 LTS: libc-bin 2.19-0ubuntu6.9 libc6 2.19-0ubuntu6.9 libc6-dev 2.19-0ubuntu6.9

Ubuntu 12.04 LTS: libc-bin 2.15-0ubuntu10.15 libc6 2.15-0ubuntu10.15 libc6-dev 2.15-0ubuntu10.15

After a standard system update you need to reboot your computer to make all the necessary changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0438",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux enterprise debuginfo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "glibc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.21"
      },
      {
        "model": "c library",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "gnu",
        "version": "2.22"
      },
      {
        "model": "suse linux enterprise debuginfo",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp3"
      },
      {
        "model": "suse linux enterprise debuginfo",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp4"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp3"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp4"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp3"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp4"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "for vmware 11-sp3"
      },
      {
        "model": "suse linux enterprise software development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp3"
      },
      {
        "model": "suse linux enterprise software development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "novell",
        "version": "11-sp4"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "linux enterprise debuginfo",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "ds8700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "76.31.143.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.2.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "ds8700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.51.14.x"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "power hmc sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.1.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "ib6131 gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "83.4"
      },
      {
        "model": "ds8800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "86.31.167.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1000"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.0.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "power hmc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8.3.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0"
      },
      {
        "model": "ds8800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "flex system en6131 40gb ethernet switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "ib6131 gb infiniband switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "83.5.1000"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "flex system chassis management module 2pet14c-2.5.5c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "ds8700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "87.41.17.x"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "ib6131 gb infiniband switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "83.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "security virtual server protection for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.3"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:gnu:glibc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:novell:suse_linux_enterprise_debuginfo",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:novell:suse_linux_enterprise_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:novell:suse_linux_enterprise_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:novell:suse_linux_enterprise_software_development_kit",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Arjun Shankar of Red Hat",
    "sources": [
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-1781",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-1781",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-1781",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-1781",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-071",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1781",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. \n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: glibc security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2015:2199-07\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2199.html\nIssue date:        2015-11-19\nCVE Names:         CVE-2013-7423 CVE-2015-1472 CVE-2015-1473 \n                   CVE-2015-1781 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix multiple security issues, several bugs, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nIt was discovered that, under certain circumstances, glibc\u0027s getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc\u0027s gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc\u0027s swscanf() function. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc\u0027s _IO_wstr_overflow() function. (BZ#1195762)\n\nA flaw was found in the way glibc\u0027s fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat. \n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1064066 - Test suite failure: test-ldouble\n1098042 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out\n1144133 - calloc in dl-reloc.c computes size incorrectly\n1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load\n1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf\n1195762 - glibc: _IO_wstr_overflow integer overflow\n1197730 - glibc: potential denial of service in internal_fnmatch()\n1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer\n1207032 - glibc deadlock when printing backtrace from memory allocator\n1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf\n1219891 - Missing define for TCP_USER_TIMEOUT in netinet/tcp.h\n1225490 - [RFE] Unconditionally enable SDT probes in glibc builds. \n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\naarch64:\nglibc-2.17-105.el7.aarch64.rpm\nglibc-common-2.17-105.el7.aarch64.rpm\nglibc-debuginfo-2.17-105.el7.aarch64.rpm\nglibc-devel-2.17-105.el7.aarch64.rpm\nglibc-headers-2.17-105.el7.aarch64.rpm\nglibc-utils-2.17-105.el7.aarch64.rpm\nnscd-2.17-105.el7.aarch64.rpm\n\nppc64:\nglibc-2.17-105.el7.ppc.rpm\nglibc-2.17-105.el7.ppc64.rpm\nglibc-common-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-2.17-105.el7.ppc.rpm\nglibc-debuginfo-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64.rpm\nglibc-devel-2.17-105.el7.ppc.rpm\nglibc-devel-2.17-105.el7.ppc64.rpm\nglibc-headers-2.17-105.el7.ppc64.rpm\nglibc-utils-2.17-105.el7.ppc64.rpm\nnscd-2.17-105.el7.ppc64.rpm\n\nppc64le:\nglibc-2.17-105.el7.ppc64le.rpm\nglibc-common-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64le.rpm\nglibc-devel-2.17-105.el7.ppc64le.rpm\nglibc-headers-2.17-105.el7.ppc64le.rpm\nglibc-utils-2.17-105.el7.ppc64le.rpm\nnscd-2.17-105.el7.ppc64le.rpm\n\ns390x:\nglibc-2.17-105.el7.s390.rpm\nglibc-2.17-105.el7.s390x.rpm\nglibc-common-2.17-105.el7.s390x.rpm\nglibc-debuginfo-2.17-105.el7.s390.rpm\nglibc-debuginfo-2.17-105.el7.s390x.rpm\nglibc-debuginfo-common-2.17-105.el7.s390.rpm\nglibc-debuginfo-common-2.17-105.el7.s390x.rpm\nglibc-devel-2.17-105.el7.s390.rpm\nglibc-devel-2.17-105.el7.s390x.rpm\nglibc-headers-2.17-105.el7.s390x.rpm\nglibc-utils-2.17-105.el7.s390x.rpm\nnscd-2.17-105.el7.s390x.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nglibc-debuginfo-2.17-105.el7.aarch64.rpm\nglibc-static-2.17-105.el7.aarch64.rpm\n\nppc64:\nglibc-debuginfo-2.17-105.el7.ppc.rpm\nglibc-debuginfo-2.17-105.el7.ppc64.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64.rpm\nglibc-static-2.17-105.el7.ppc.rpm\nglibc-static-2.17-105.el7.ppc64.rpm\n\nppc64le:\nglibc-debuginfo-2.17-105.el7.ppc64le.rpm\nglibc-debuginfo-common-2.17-105.el7.ppc64le.rpm\nglibc-static-2.17-105.el7.ppc64le.rpm\n\ns390x:\nglibc-debuginfo-2.17-105.el7.s390.rpm\nglibc-debuginfo-2.17-105.el7.s390x.rpm\nglibc-debuginfo-common-2.17-105.el7.s390.rpm\nglibc-debuginfo-common-2.17-105.el7.s390x.rpm\nglibc-static-2.17-105.el7.s390.rpm\nglibc-static-2.17-105.el7.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nglibc-2.17-105.el7.src.rpm\n\nx86_64:\nglibc-2.17-105.el7.i686.rpm\nglibc-2.17-105.el7.x86_64.rpm\nglibc-common-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-devel-2.17-105.el7.i686.rpm\nglibc-devel-2.17-105.el7.x86_64.rpm\nglibc-headers-2.17-105.el7.x86_64.rpm\nglibc-utils-2.17-105.el7.x86_64.rpm\nnscd-2.17-105.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nglibc-debuginfo-2.17-105.el7.i686.rpm\nglibc-debuginfo-2.17-105.el7.x86_64.rpm\nglibc-debuginfo-common-2.17-105.el7.i686.rpm\nglibc-debuginfo-common-2.17-105.el7.x86_64.rpm\nglibc-static-2.17-105.el7.i686.rpm\nglibc-static-2.17-105.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2013-7423\nhttps://access.redhat.com/security/cve/CVE-2015-1472\nhttps://access.redhat.com/security/cve/CVE-2015-1473\nhttps://access.redhat.com/security/cve/CVE-2015-1781\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/2050743\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWTkEYXlSAg2UNWIIRAueyAJ98kB1kgF2zvCkEn5k70+Aq5ynM3QCfS8Lx\nxSL2O69mtC2Sh4D4RYIP+2k=\n=MEoD\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe CVE-2015-7547 vulnerability listed below is considered to have\ncritical impact. \n\nCVE-2014-8121\n\n    Robin Hack discovered that the nss_files database did not\n    correctly implement enumeration interleaved with name-based or\n    ID-based lookups.  This could cause the enumeration enter an\n    endless loop, leading to a denial of service.  Most applications are not\n    affected by this vulnerability because they use aligned buffers. \n\nCVE-2015-7547\n\n    The Google Security Team and Red Hat discovered that the eglibc\n    host name resolver function, getaddrinfo, when processing\n    AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n    internal buffers, leading to a stack-based buffer overflow and\n    arbitrary code execution.  This vulnerability affects most\n    applications which perform host name resolution using getaddrinfo,\n    including system services. \n\nCVE-2015-8776\n\n    Adam Nielsen discovered that if an invalid separated time value\n    is passed to strftime, the strftime function could crash or leak\n    information.  Applications normally pass only valid time\n    information to strftime; no affected applications are known. \n\nCVE-2015-8777\n\n    Hector Marco-Gisbert reported that LD_POINTER_GUARD was not\n    ignored for SUID programs, enabling an unintended bypass of a\n    security feature.  This update causes eglibc to always ignore the\n    LD_POINTER_GUARD environment variable. \n\nCVE-2015-8778\n\n    Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n    functions did not check the size argument properly, leading to a\n    crash (denial of service) for certain arguments.  No impacted\n    applications are known at this time. \n\nCVE-2015-8779\n\n    The catopen function contains several unbound stack allocations\n    (stack overflows), causing it the crash the process (denial of\n    service).  No applications where this issue has a security impact\n    are currently known. \n\nThe following fixed vulnerabilities currently lack CVE assignment:\n\n    Joseph Myers reported discovered that an integer overflow in the\n    strxfrm can lead to heap-based buffer overflow, possibly allowing\n    arbitrary code execution.  In addition, a fallback path in strxfrm\n    uses an unbounded stack allocation (stack overflow), leading to a\n    crash or erroneous application behavior. \n\n    Kostya Serebryany reported that the fnmatch function could skip\n    over the terminating NUL character of a malformed pattern, causing\n    an application calling fnmatch to crash (denial of service).  On\n    GNU/Linux systems, wide-oriented character streams are rarely\n    used, and no affected applications are known. \n\n    Andreas Schwab reported a memory leak (memory allocation without a\n    matching deallocation) while processing certain DNS answers in\n    getaddrinfo, related to the _nss_dns_gethostbyname4_r function. \n    This vulnerability could lead to a denial of service. \n\nWhile it is only necessary to ensure that all processes are not using\nthe old eglibc anymore, it is recommended to reboot the machines after\napplying the security upgrade. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2.13-38+deb7u10. \n\nWe recommend that you upgrade your eglibc packages. 6) - i386, x86_64\n\n3. \n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. ==========================================================================\nUbuntu Security Notice USN-2985-2\nMay 26, 2016\n\neglibc, glibc regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2985-1 introduced a regression in the GNU C Library. \n\nSoftware Description:\n- glibc: GNU C Library\n- eglibc: GNU C Library\n\nDetails:\n\nUSN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for\nCVE-2014-9761 introduced a regression which affected applications that\nuse the libm library but were not fully restarted after the upgrade. \nThis update removes the fix for CVE-2014-9761 and a future update\nwill be provided to address this issue. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Martin Carpenter discovered that pt_chown in the GNU C Library did not\n properly check permissions for tty files. \n (CVE-2013-2207, CVE-2016-2856)\n \n Robin Hack discovered that the Name Service Switch (NSS) implementation in\n the GNU C Library did not properly manage its file descriptors. \n (CVE-2014-8121)\n \n Joseph Myers discovered that the GNU C Library did not properly handle long\n arguments to functions returning a representation of Not a Number (NaN). \n (CVE-2014-9761)\n \n Arjun Shankar discovered that in certain situations the nss_dns code in the\n GNU C Library did not properly account buffer sizes when passed an\n unaligned buffer. (CVE-2015-1781)\n \n Sumit Bose and Lukas Slebodnik discovered that the Name Service\n Switch (NSS) implementation in the GNU C Library did not handle long\n lines in the files databases correctly. (CVE-2015-8776)\n \n Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed\n the pointer-guarding protection mechanism to be disabled by honoring the\n LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8778)\n \n Maksymilian Arciemowicz discovered a stack-based buffer overflow in the\n catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)\n \n Florian Weimer discovered that the getnetbyname implementation in the GNU C\n Library did not properly handle long names passed as arguments. (CVE-2016-3075)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libc-bin                        2.21-0ubuntu4.3\n  libc6                           2.21-0ubuntu4.3\n  libc6-dev                       2.21-0ubuntu4.3\n\nUbuntu 14.04 LTS:\n  libc-bin                        2.19-0ubuntu6.9\n  libc6                           2.19-0ubuntu6.9\n  libc6-dev                       2.19-0ubuntu6.9\n\nUbuntu 12.04 LTS:\n  libc-bin                        2.15-0ubuntu10.15\n  libc6                           2.15-0ubuntu10.15\n  libc6-dev                       2.15-0ubuntu10.15\n\nAfter a standard system update you need to reboot your computer to\nmake all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "PACKETSTORM",
        "id": "137200"
      },
      {
        "db": "PACKETSTORM",
        "id": "134717"
      },
      {
        "db": "PACKETSTORM",
        "id": "134444"
      },
      {
        "db": "PACKETSTORM",
        "id": "135793"
      },
      {
        "db": "PACKETSTORM",
        "id": "131539"
      },
      {
        "db": "PACKETSTORM",
        "id": "137208"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1781",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "74255",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032178",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1781",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137200",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134717",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134444",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135793",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131539",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137208",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "PACKETSTORM",
        "id": "137200"
      },
      {
        "db": "PACKETSTORM",
        "id": "134717"
      },
      {
        "db": "PACKETSTORM",
        "id": "134444"
      },
      {
        "db": "PACKETSTORM",
        "id": "135793"
      },
      {
        "db": "PACKETSTORM",
        "id": "131539"
      },
      {
        "db": "PACKETSTORM",
        "id": "137208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "id": "VAR-201509-0438",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.20833333
  },
  "last_update_date": "2024-11-29T22:37:33.901000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SUSE-SU-2015:1424",
        "trust": 0.8,
        "url": " http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"
      },
      {
        "title": "RHSA-2015:0863",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2015-0863.html"
      },
      {
        "title": "Bug 18287",
        "trust": 0.8,
        "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"
      },
      {
        "title": "The GNU C Library version 2.22 is now available",
        "trust": 0.8,
        "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
      },
      {
        "title": "CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]",
        "trust": 0.8,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386"
      },
      {
        "title": "GNU C Library Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=232528"
      },
      {
        "title": "Red Hat: Moderate: glibc security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152199 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: glibc security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20152589 - Security Advisory"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2015-1781",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a2c29453eb55cceece213eaabd30c31b"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2013-2207: Remove pt_chown",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=24f036a1c9b3e11b009511a5ff0119fc"
      },
      {
        "title": "Debian CVElist Bug Report Logs: glibc: multiple overflows in strxfrm()",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9c45e614f65364c9f36d20f68260e303"
      },
      {
        "title": "Debian CVElist Bug Report Logs: glibc: Three vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=c894c06b98aa71f44dddf17ba757bd22"
      },
      {
        "title": "Red Hat: CVE-2015-1781",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-1781"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libc6: Pointer guarding bypass in dynamic Setuid binaries",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fd388404d431df3846c2735a9f93c550"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-513",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-513"
      },
      {
        "title": "Ubuntu Security Notice: eglibc, glibc regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2985-2"
      },
      {
        "title": "Ubuntu Security Notice: eglibc, glibc vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2985-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-617",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-617"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-0863.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.ubuntu.com/usn/usn-2985-1"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2985-2"
      },
      {
        "trust": 1.7,
        "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18287"
      },
      {
        "trust": 1.7,
        "url": "https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/74255"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201602-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032178"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3480"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
      },
      {
        "trust": 1.6,
        "url": "https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=2959eda9272a03386"
      },
      {
        "trust": 1.0,
        "url": "https://access.redhat.com/security/cve/cve-2015-1781"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1199525"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1781"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1781"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2015:2199"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1781"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:2589"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:0863"
      },
      {
        "trust": 0.3,
        "url": "http://www.gnu.org/software/libc/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966788"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022665"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023385"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005255"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020837"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966209"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982433"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988872"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8777"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8121"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2013-7423"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3075"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1473"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1473"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1472"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38496"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2985-2/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.14"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2856"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.8"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2207"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-5277"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-2589.html"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2015-2199.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2050743"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1585614"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.9"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.15"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "PACKETSTORM",
        "id": "137200"
      },
      {
        "db": "PACKETSTORM",
        "id": "134717"
      },
      {
        "db": "PACKETSTORM",
        "id": "134444"
      },
      {
        "db": "PACKETSTORM",
        "id": "135793"
      },
      {
        "db": "PACKETSTORM",
        "id": "131539"
      },
      {
        "db": "PACKETSTORM",
        "id": "137208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "db": "BID",
        "id": "74255"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "db": "PACKETSTORM",
        "id": "137200"
      },
      {
        "db": "PACKETSTORM",
        "id": "134717"
      },
      {
        "db": "PACKETSTORM",
        "id": "134444"
      },
      {
        "db": "PACKETSTORM",
        "id": "135793"
      },
      {
        "db": "PACKETSTORM",
        "id": "131539"
      },
      {
        "db": "PACKETSTORM",
        "id": "137208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-09-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "BID",
        "id": "74255"
      },
      {
        "date": "2015-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "date": "2015-05-26T08:22:22",
        "db": "PACKETSTORM",
        "id": "137200"
      },
      {
        "date": "2015-12-09T15:22:37",
        "db": "PACKETSTORM",
        "id": "134717"
      },
      {
        "date": "2015-11-20T00:41:22",
        "db": "PACKETSTORM",
        "id": "134444"
      },
      {
        "date": "2016-02-16T17:18:17",
        "db": "PACKETSTORM",
        "id": "135793"
      },
      {
        "date": "2015-04-21T16:03:31",
        "db": "PACKETSTORM",
        "id": "131539"
      },
      {
        "date": "2016-05-26T14:33:33",
        "db": "PACKETSTORM",
        "id": "137208"
      },
      {
        "date": "2015-04-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "date": "2015-09-28T20:59:00.093000",
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1781"
      },
      {
        "date": "2016-09-09T18:00:00",
        "db": "BID",
        "id": "74255"
      },
      {
        "date": "2015-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      },
      {
        "date": "2023-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      },
      {
        "date": "2024-11-21T02:26:07.067000",
        "db": "NVD",
        "id": "CVE-2015-1781"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GNU C Library of  gethostbyname_r And other unspecified  NSS Buffer overflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004995"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-071"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.