var-201602-0004
Vulnerability from variot
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system.
There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control.
This update also fixes the following bugs:
-
The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270)
-
A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04989404 Version: 3
HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2016-02-18 Last Updated: 2016-04-29
Potential Security Impact: Remote Arbitrary Code Execution, Denial of Service (DoS)
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code.
- Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable.
References:
- CVE-2015-7547
- PSRT110035
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Helion Eucalyptus Node Controller 4.2.2 and earlier
- HPE Helion Eucalyptus Service components EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus.
-
All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS:
https://access.redhat.com/articles/2161461
RHEL Note: After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services.
Workaround:
As a cloud administrator:
1) create an update-glibc script with the following content:
#! /bin/bash
yum update -y glibc
2) set the following cloud properties to use that script on instance start:
euctl services.imaging.worker.init_script=@update-glibc
euctl services.loadbalancing.worker.init_script=@update-glibc
This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account:
# euare-accountlist | grep loadbalancing
(eucalyptus)loadbalancing <accnt_id>
# euca-describe-instances verbose | grep <accnt_id>
And terminate them using euca-terminate-instances. New updated instances will be started automatically after that.
For the Imaging Service, the imaging worker needs to be terminated and started again:
# esi-manage-stack -a delete imaging
# esi-manage-stack -a create imaging
HISTORY Version:1 (rev.1) - 17 February 2016 Initial release Version:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI eucalyptus-service-image-1.57-0.93.110.el6 now available Version:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI eucalyptus-service-image-1.57-0.93.110.el6 now available Version:3 (rev.3) - 29 April 2016 Changed impacted version from 4.2.1 to 4.2.2 and earlier
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: glibc security update Advisory ID: RHSA-2016:0225-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 =====================================================================
- Summary:
Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
- Description:
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547)
This issue was discovered by the Google Security Team and Red Hat.
All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.11.src.rpm
x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):
x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.17.src.rpm
x86_64: glibc-2.12-1.47.el6_2.17.i686.rpm glibc-2.12-1.47.el6_2.17.x86_64.rpm glibc-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-devel-2.12-1.47.el6_2.17.i686.rpm glibc-devel-2.12-1.47.el6_2.17.x86_64.rpm glibc-headers-2.12-1.47.el6_2.17.x86_64.rpm glibc-utils-2.12-1.47.el6_2.17.x86_64.rpm nscd-2.12-1.47.el6_2.17.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.9.src.rpm
x86_64: glibc-2.12-1.107.el6_4.9.i686.rpm glibc-2.12-1.107.el6_4.9.x86_64.rpm glibc-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-devel-2.12-1.107.el6_4.9.i686.rpm glibc-devel-2.12-1.107.el6_4.9.x86_64.rpm glibc-headers-2.12-1.107.el6_4.9.x86_64.rpm glibc-utils-2.12-1.107.el6_4.9.x86_64.rpm nscd-2.12-1.107.el6_4.9.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.7.src.rpm
x86_64: glibc-2.12-1.132.el6_5.7.i686.rpm glibc-2.12-1.132.el6_5.7.x86_64.rpm glibc-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-devel-2.12-1.132.el6_5.7.i686.rpm glibc-devel-2.12-1.132.el6_5.7.x86_64.rpm glibc-headers-2.12-1.132.el6_5.7.x86_64.rpm glibc-utils-2.12-1.132.el6_5.7.x86_64.rpm nscd-2.12-1.132.el6_5.7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: glibc-2.12-1.149.el6_6.11.src.rpm
i386: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-headers-2.12-1.149.el6_6.11.i686.rpm glibc-utils-2.12-1.149.el6_6.11.i686.rpm nscd-2.12-1.149.el6_6.11.i686.rpm
ppc64: glibc-2.12-1.149.el6_6.11.ppc.rpm glibc-2.12-1.149.el6_6.11.ppc64.rpm glibc-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-devel-2.12-1.149.el6_6.11.ppc.rpm glibc-devel-2.12-1.149.el6_6.11.ppc64.rpm glibc-headers-2.12-1.149.el6_6.11.ppc64.rpm glibc-utils-2.12-1.149.el6_6.11.ppc64.rpm nscd-2.12-1.149.el6_6.11.ppc64.rpm
s390x: glibc-2.12-1.149.el6_6.11.s390.rpm glibc-2.12-1.149.el6_6.11.s390x.rpm glibc-common-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-devel-2.12-1.149.el6_6.11.s390.rpm glibc-devel-2.12-1.149.el6_6.11.s390x.rpm glibc-headers-2.12-1.149.el6_6.11.s390x.rpm glibc-utils-2.12-1.149.el6_6.11.s390x.rpm nscd-2.12-1.149.el6_6.11.s390x.rpm
x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.17.src.rpm
x86_64: glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-static-2.12-1.47.el6_2.17.i686.rpm glibc-static-2.12-1.47.el6_2.17.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.9.src.rpm
x86_64: glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-static-2.12-1.107.el6_4.9.i686.rpm glibc-static-2.12-1.107.el6_4.9.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: glibc-2.12-1.132.el6_5.7.src.rpm
x86_64: glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-static-2.12-1.132.el6_5.7.i686.rpm glibc-static-2.12-1.132.el6_5.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.6):
i386: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm
ppc64: glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-static-2.12-1.149.el6_6.11.ppc.rpm glibc-static-2.12-1.149.el6_6.11.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-static-2.12-1.149.el6_6.11.s390.rpm glibc-static-2.12-1.149.el6_6.11.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):
Source: glibc-2.17-79.el7_1.4.src.rpm
x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):
x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: glibc-2.17-79.el7_1.4.src.rpm
ppc64: glibc-2.17-79.el7_1.4.ppc.rpm glibc-2.17-79.el7_1.4.ppc64.rpm glibc-common-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-devel-2.17-79.el7_1.4.ppc.rpm glibc-devel-2.17-79.el7_1.4.ppc64.rpm glibc-headers-2.17-79.el7_1.4.ppc64.rpm glibc-utils-2.17-79.el7_1.4.ppc64.rpm nscd-2.17-79.el7_1.4.ppc64.rpm
s390x: glibc-2.17-79.el7_1.4.s390.rpm glibc-2.17-79.el7_1.4.s390x.rpm glibc-common-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-devel-2.17-79.el7_1.4.s390.rpm glibc-devel-2.17-79.el7_1.4.s390x.rpm glibc-headers-2.17-79.el7_1.4.s390x.rpm glibc-utils-2.17-79.el7_1.4.s390x.rpm nscd-2.17-79.el7_1.4.s390x.rpm
x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: glibc-2.17-79.ael7b_1.4.src.rpm
ppc64le: glibc-2.17-79.ael7b_1.4.ppc64le.rpm glibc-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm glibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm glibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm nscd-2.17-79.ael7b_1.4.ppc64le.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64: glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-static-2.17-79.el7_1.4.ppc.rpm glibc-static-2.17-79.el7_1.4.ppc64.rpm
s390x: glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-static-2.17-79.el7_1.4.s390.rpm glibc-static-2.17-79.el7_1.4.s390x.rpm
x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.1):
ppc64le: glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-static-2.17-79.ael7b_1.4.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z ZcaJTtI1osFTTkgVY6t05d0= =2Ia0 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt. However, due to a patch applied to Slackware's glibc back in 2009 (don't use the gethostbyname4() lookup method as it was causing some cheap routers to misbehave), we were not vulnerable to that issue. Nevertheless it seems prudent to patch the overflows anyway even if we're not currently using the code in question. Thanks to mancha for the backported patch. For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547 ( Security fix ) patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt. patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt. patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.1 packages: 4c56432d638adc8098661cfa818b5bc9 glibc-2.17-i486-11_slack14.1.txz 5c316d6b0a8970fe15fbdf2adff8de19 glibc-i18n-2.17-i486-11_slack14.1.txz a937d842e5ca3d0b125230c23285f8f4 glibc-profile-2.17-i486-11_slack14.1.txz 442f01d094d350612c1fb1fcb5e7fbe7 glibc-solibs-2.17-i486-11_slack14.1.txz
Slackware x86_64 14.1 packages: eec88d584a79909ec79aae1c43c330d3 glibc-2.17-x86_64-11_slack14.1.txz d8b396eb6ada65d1555e3cf0fb8246c2 glibc-i18n-2.17-x86_64-11_slack14.1.txz e7deaabfe3e467cbde10ba5b7748bbbb glibc-profile-2.17-x86_64-11_slack14.1.txz 629c93f0e510d354ff66e61f1ebe8b67 glibc-solibs-2.17-x86_64-11_slack14.1.txz
Slackware -current packages: b11873e4f851a600b57a2e7a2ac8f472 a/glibc-solibs-2.23-i586-1.txz 5116eec63fab5e7dbc58d27fecd48684 l/glibc-2.23-i586-1.txz ae9b8a8e4ead59aa398212d6893d7ddc l/glibc-i18n-2.23-i586-1.txz 61154e43ee4c0739dd5d3c4ce3b60ae6 l/glibc-profile-2.23-i586-1.txz
Slackware x86_64 -current packages: c48a55c8a39dc8e17e04796e4f160bd0 a/glibc-solibs-2.23-x86_64-1.txz 36104e1a004b0e97d193c2132f18222d l/glibc-2.23-x86_64-1.txz e0415f66d17323c8f6df339cfd49051b l/glibc-i18n-2.23-x86_64-1.txz f5433793e9da696a60f2445559f1d33f l/glibc-profile-2.23-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg glibc-*.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory < 20190904-0 > ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15 fixed version: see "Solution" CVE number: - impact: High homepage: https://www.cisco.com/ found: 2019-05-15 by: T. Weber, S. Viehböck (Office Vienna) IoT Inspector SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
"Securely connecting your small business to the outside world is as important as connecting your internal network devices to one another. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway."
Source: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html
Business recommendation:
We want to thank Cisco for the very quick and professional response and great coordination. Customers are urged to update the firmware of their devices.
Vulnerability overview/description:
1) Hardcoded Credentials The device contains hardcoded users and passwords which can be used to login via SSH on an emulated device at least.
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
2) Known GNU glibc Vulnerabilities The used GNU glibc in version 2.19 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector.
3) Known BusyBox Vulnerabilities The used BusyBox toolkit in version 1.23.2 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2017-16544) was verified by using the MEDUSA scaleable firmware runtime.
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
Proof of concept:
1) Hardcoded Credentials The following hardcoded hashes were found in the 'shadow' file of the firmware: root:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7::: debug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7::: [...]
The undocumented user 'debug-admin' is also contained in this file.
Starting the dropbear daemon as background process on emulated firmware:
dropbear -E
[1109] Running in background
[1112] Child connection from :52718
[1112]
Log on via another host connected to the same network. For this PoC the password of the debug-admin was changed in the 'shadow' file.
[root@localhost medusa]# ssh debug-admin@
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
/tmp $
The 'debug-admin' user has the same privileges like 'root'. This can be determined from the corresponding sudoers file in the firmware: [...]
User privilege specification
root ALL=(ALL) ALL debug-admin ALL=(ALL) ALL
Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
[...]
During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
2) Known GNU glibc Vulnerabilities GNU glibc version 2.19 contains multiple CVEs like: CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-8778, CVE-2015-8779, CVE-2017-1000366 and more. It was compiled and executed on the emulated device to test the system.
python cve-2015-7547-poc.py &
[1] 961
chroot /medusa_rootfs/ bin/ash
BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)
gdb cve-2015-7547_glibc_getaddrinfo
[...] [UDP] Total Data len recv 36 [UDP] Total Data len recv 36 Connected with 127.0.0.1:41782 [TCP] Total Data len recv 76 [TCP] Request1 len recv 36 [TCP] Request2 len recv 36 Cannot access memory at address 0x4
Program received signal SIGSEGV, Segmentation fault. 0x76f1fd58 in ?? () from /lib/libc.so.6 (gdb)
References: https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547
3) Known BusyBox Vulnerabilities BusyBox version 1.23.2 contains multiple CVEs like: CVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679, CVE-2017-16544 and CVE-2019-5747. The BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on an emulated device:
A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.
ls "pressing "
test ]55;test.txt
4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot
The summary is below: IoT Inspector Vulnerability #1 BusyBox CVE entries Outdated BusyBox version is affected by 7 published CVEs.
IoT Inspector Vulnerability #2 curl CVE entries Outdated curl version is affected by 35 published CVEs.
IoT Inspector Vulnerability #3 GNU glibc CVE entries Outdated GNU glibc version is affected by 44 published CVEs.
IoT Inspector Vulnerability #5 Hardcoded password hashes Firmware contains multiple hardcoded credentials.
IoT Inspector Vulnerability #6 Linux Kernel CVE entries Outdated Linux Kernel version affected by 512 published CVEs.
IoT Inspector Vulnerability #7 MiniUPnPd CVE entries Outdated MiniUPnPd version affected by 2 published CVEs.
IoT Inspector Vulnerability #8 Dnsmasq CVE entries Outdated MiniUPnPd version affected by 1 published CVE.
IoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation “pp_key” Outdated Linux Kernel version is affected by CVE-2015-7547.
IoT Inspector Vulnerability #10 OpenSSL CVE entries Outdated OpenSSL version affected by 6 published CVEs.
Vulnerable / tested versions:
The following firmware versions have been tested with IoT Inspector and firmware emulation techniques: Cisco RV340 / 1.0.02.16 Cisco RV340W / 1.0.02.16 Cisco RV345 / 1.0.02.16 Cisco RV345P / 1.0.02.16 The following firmware versions have been tested with IoT Inspector only: Cisco RV260 / 1.0.00.15 Cisco RV260P / 1.0.00.15 Cisco RV260W / 1.0.00.15 Cisco RV160 / 1.0.00.15 Cisco RV160P / 1.0.00.15
The firmware was obtained from the vendor website: https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16 https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15
Vendor contact timeline:
2019-05-15: Contacting vendor through psirt@cisco.com. 2019-05-16: Vendor confirmed the receipt. 2019-05-2019-08: Periodic updates about the investigation from the vendor. Clarification which of the reported issues will be fixed. 2019-08-20: The vendor proposed the next possible publication date for the advisory for 2019-09-04. The vendor added the RV160 and RV260 router series to be vulnerable to the same issues too. 2019-09-04: Coordinated advisory release.
Solution:
Upgrade to the newest available firmware version.
Additionally, the vendor provides the following security notice: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter
Workaround:
None.
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult Europe | Asia | North America
About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF T. Weber / @2019
.
The first vulnerability listed below is considered to have critical impact.
CVE-2015-7547
The Google Security Team and Red Hat discovered that the glibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.
CVE-2015-8776
Adam Nielsen discovered that if an invalid separated time value
is passed to strftime, the strftime function could crash or leak
information. Applications normally pass only valid time
information to strftime; no affected applications are known.
CVE-2015-8778
Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r
functions did not check the size argument properly, leading to a
crash (denial of service) for certain arguments. No impacted
applications are known at this time.
CVE-2015-8779
The catopen function contains several unbound stack allocations
(stack overflows), causing it the crash the process (denial of
service). No applications where this issue has a security impact
are currently known.
While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade.
For the stable distribution (jessie), these problems have been fixed in version 2.19-18+deb8u3.
For the unstable distribution (sid), these problems will be fixed in version 2.21-8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 2.0,
"vendor": "suse",
"version": "12"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.19"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.319"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "1.1.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.21"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip policy enforcement manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10.1"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14.1"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.18"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "server migration pack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "7.5"
},
{
"model": "unified threat management software",
"scope": "eq",
"trust": 1.0,
"vendor": "sophos",
"version": "9.355"
},
{
"model": "big-ip application acceleration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.1.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.20"
},
{
"model": "helion openstack",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "2.0.0"
},
{
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.13"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.12.1"
},
{
"model": "fujitsu m10",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2290"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "enterprise linux hpc node eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.14"
},
{
"model": "big-ip access policy manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.11.3"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.22"
},
{
"model": "big-ip application security manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "big-ip advanced firewall manager",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.10"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.15"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.17"
},
{
"model": "big-ip domain name system",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "glibc",
"scope": "eq",
"trust": 1.0,
"vendor": "gnu",
"version": "2.16"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 1.0,
"vendor": "f5",
"version": "12.0.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11.0"
},
{
"model": "glibc",
"scope": "gt",
"trust": 0.6,
"vendor": "gnu",
"version": "2.9"
},
{
"model": "ape",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "basic rt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "rox ii os",
"scope": "gte",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.3.0\u003c=v2.9.0"
},
{
"model": "scalance m-800 s615",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "/"
},
{
"model": "sinema remote connect",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135971"
}
],
"trust": 0.4
},
"cve": "CVE-2015-7547",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7547",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01100",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85508",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2015-7547",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7547",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85508",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. \n\nThere is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. \n\nThis update also fixes the following bugs:\n\n* The dynamic loader has been enhanced to allow the loading of more shared\nlibraries that make use of static thread local storage. While static thread\nlocal storage is the fastest access mechanism it may also prevent the\nshared library from being loaded at all since the static storage space is a\nlimited and shared process-global resource. Applications which would\npreviously fail with \"dlopen: cannot load any more object with static TLS\"\nshould now start up correctly. (BZ#1291270)\n\n* A bug in the POSIX realtime support would cause asynchronous I/O or\ncertain timer API calls to fail and return errors in the presence of large\nthread-local storage data that exceeded PTHREAD_STACK_MIN in size\n(generally 16 KiB). The bug in librt has been corrected and the impacted\nAPIs no longer return errors when large thread-local storage data is\npresent in the application. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c04989404\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04989404\nVersion: 3\n\nHPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion\nEucalyptus Components using glibc, Remote Arbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-02-18\nLast Updated: 2016-04-29\n\nPotential Security Impact: Remote Arbitrary Code Execution, Denial of Service\n(DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA security vulnerability in glibc has been addressed with HPE Helion\nEucalyptus Node Controller and other Helion Eucalyptus components. The\nvulnerability could be exploited remotely resulting in arbitrary execution of\ncode. \n\n - Helion Eucalyptus Node Controller (NC) components are confirmed to be\naffected by the vulnerability. Other Helion Eucalyptus components and\npre-bundled service EMIs do not directly expose the vulnerability, but\nbecause glibc is a commonly used library on Linux, the exact exposure is hard\nto determine. Any software performing domain name resolution is potentially\nvulnerable. \n\nReferences:\n\n - CVE-2015-7547\n - PSRT110035\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Helion Eucalyptus Node Controller 4.2.2 and earlier\n - HPE Helion Eucalyptus Service components EMIs for Load Balancing and\nImaging services package \"eucalyptus-service-image-1.48-0.87.99\" and earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has made the following software updates and workaround information\navailable to resolve the vulnerability with glibc for HPE Helion Eucalyptus. \n\n+ All hosts running HPE Helion Eucalyptus services should be upgraded to the\nlatest glibc. Updated glibc packages are available for RHEL and CentOS:\n\n https://access.redhat.com/articles/2161461\n\n **RHEL Note:** After following the guidelines for RHEL, a reboot is the\nsafest and recommended way to ensure that updates takes effect for all\nservices. \n\n**Workaround:**\n\n As a cloud administrator:\n\n 1) create an update-glibc script with the following content:\n\n #! /bin/bash\n yum update -y glibc\n\n 2) set the following cloud properties to use that script on instance start:\n\n euctl services.imaging.worker.init_script=@update-glibc\n euctl services.loadbalancing.worker.init_script=@update-glibc\n\n This script will be automatically executed for each of the new instances\nstarted from the service image. For instances that are already\nrunning, the cloud administrator will need to terminate them and start again\nfor the script to take effect. More specifically, for the Load Balancing\nservice, the cloud admin needs to find all instances running under the\n\"(eucalyptus)loadbalancing\" account:\n\n # euare-accountlist | grep loadbalancing\n (eucalyptus)loadbalancing \u003caccnt_id\u003e\n\n # euca-describe-instances verbose | grep \u003caccnt_id\u003e\n\n And terminate them using euca-terminate-instances. New updated instances\nwill be started automatically after that. \n\n For the Imaging Service, the imaging worker needs to be terminated and\nstarted again:\n\n # esi-manage-stack -a delete imaging\n # esi-manage-stack -a create imaging\n\nHISTORY\nVersion:1 (rev.1) - 17 February 2016 Initial release Version:2 (rev.2) - 28\nApril 2016 Update Helion Eucalyptus Service EMI\neucalyptus-service-image-1.57-0.93.110.el6 now available\nVersion:2 (rev.2) - 28 April 2016 Update Helion Eucalyptus Service EMI\neucalyptus-service-image-1.57-0.93.110.el6 now available\nVersion:3 (rev.3) - 29 April 2016 Changed impacted version from 4.2.1 to\n4.2.2 and earlier\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: glibc security update\nAdvisory ID: RHSA-2016:0225-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html\nIssue date: 2016-02-16\nCVE Names: CVE-2015-7547 \n=====================================================================\n\n1. Summary:\n\nUpdated glibc packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 and 7.1 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nA stack-based buffer overflow was found in the way the libresolv library\nperformed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the\nnss_dns NSS service module. (CVE-2015-7547)\n\nThis issue was discovered by the Google Security Team and Red Hat. \n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.11.src.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.11.x86_64.rpm\nnscd-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.17.src.rpm\n\nx86_64:\nglibc-2.12-1.47.el6_2.17.i686.rpm\nglibc-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-devel-2.12-1.47.el6_2.17.i686.rpm\nglibc-devel-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-headers-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-utils-2.12-1.47.el6_2.17.x86_64.rpm\nnscd-2.12-1.47.el6_2.17.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.9.src.rpm\n\nx86_64:\nglibc-2.12-1.107.el6_4.9.i686.rpm\nglibc-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-devel-2.12-1.107.el6_4.9.i686.rpm\nglibc-devel-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-headers-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-utils-2.12-1.107.el6_4.9.x86_64.rpm\nnscd-2.12-1.107.el6_4.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.7.src.rpm\n\nx86_64:\nglibc-2.12-1.132.el6_5.7.i686.rpm\nglibc-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-devel-2.12-1.132.el6_5.7.i686.rpm\nglibc-devel-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-headers-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-utils-2.12-1.132.el6_5.7.x86_64.rpm\nnscd-2.12-1.132.el6_5.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nglibc-2.12-1.149.el6_6.11.src.rpm\n\ni386:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-headers-2.12-1.149.el6_6.11.i686.rpm\nglibc-utils-2.12-1.149.el6_6.11.i686.rpm\nnscd-2.12-1.149.el6_6.11.i686.rpm\n\nppc64:\nglibc-2.12-1.149.el6_6.11.ppc.rpm\nglibc-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-devel-2.12-1.149.el6_6.11.ppc.rpm\nglibc-devel-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-headers-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-utils-2.12-1.149.el6_6.11.ppc64.rpm\nnscd-2.12-1.149.el6_6.11.ppc64.rpm\n\ns390x:\nglibc-2.12-1.149.el6_6.11.s390.rpm\nglibc-2.12-1.149.el6_6.11.s390x.rpm\nglibc-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-devel-2.12-1.149.el6_6.11.s390.rpm\nglibc-devel-2.12-1.149.el6_6.11.s390x.rpm\nglibc-headers-2.12-1.149.el6_6.11.s390x.rpm\nglibc-utils-2.12-1.149.el6_6.11.s390x.rpm\nnscd-2.12-1.149.el6_6.11.s390x.rpm\n\nx86_64:\nglibc-2.12-1.149.el6_6.11.i686.rpm\nglibc-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-devel-2.12-1.149.el6_6.11.i686.rpm\nglibc-devel-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-headers-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-utils-2.12-1.149.el6_6.11.x86_64.rpm\nnscd-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.2):\n\nSource:\nglibc-2.12-1.47.el6_2.17.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm\nglibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm\nglibc-static-2.12-1.47.el6_2.17.i686.rpm\nglibc-static-2.12-1.47.el6_2.17.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\nglibc-2.12-1.107.el6_4.9.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm\nglibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm\nglibc-static-2.12-1.107.el6_4.9.i686.rpm\nglibc-static-2.12-1.107.el6_4.9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\nglibc-2.12-1.132.el6_5.7.src.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm\nglibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm\nglibc-static-2.12-1.132.el6_5.7.i686.rpm\nglibc-static-2.12-1.132.el6_5.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.6):\n\ni386:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm\nglibc-static-2.12-1.149.el6_6.11.ppc.rpm\nglibc-static-2.12-1.149.el6_6.11.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm\nglibc-static-2.12-1.149.el6_6.11.s390.rpm\nglibc-static-2.12-1.149.el6_6.11.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm\nglibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm\nglibc-static-2.12-1.149.el6_6.11.i686.rpm\nglibc-static-2.12-1.149.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.el7_1.4.src.rpm\n\nx86_64:\nglibc-2.17-79.el7_1.4.i686.rpm\nglibc-2.17-79.el7_1.4.x86_64.rpm\nglibc-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-devel-2.17-79.el7_1.4.i686.rpm\nglibc-devel-2.17-79.el7_1.4.x86_64.rpm\nglibc-headers-2.17-79.el7_1.4.x86_64.rpm\nglibc-utils-2.17-79.el7_1.4.x86_64.rpm\nnscd-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):\n\nx86_64:\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-static-2.17-79.el7_1.4.i686.rpm\nglibc-static-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.el7_1.4.src.rpm\n\nppc64:\nglibc-2.17-79.el7_1.4.ppc.rpm\nglibc-2.17-79.el7_1.4.ppc64.rpm\nglibc-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-devel-2.17-79.el7_1.4.ppc.rpm\nglibc-devel-2.17-79.el7_1.4.ppc64.rpm\nglibc-headers-2.17-79.el7_1.4.ppc64.rpm\nglibc-utils-2.17-79.el7_1.4.ppc64.rpm\nnscd-2.17-79.el7_1.4.ppc64.rpm\n\ns390x:\nglibc-2.17-79.el7_1.4.s390.rpm\nglibc-2.17-79.el7_1.4.s390x.rpm\nglibc-common-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm\nglibc-devel-2.17-79.el7_1.4.s390.rpm\nglibc-devel-2.17-79.el7_1.4.s390x.rpm\nglibc-headers-2.17-79.el7_1.4.s390x.rpm\nglibc-utils-2.17-79.el7_1.4.s390x.rpm\nnscd-2.17-79.el7_1.4.s390x.rpm\n\nx86_64:\nglibc-2.17-79.el7_1.4.i686.rpm\nglibc-2.17-79.el7_1.4.x86_64.rpm\nglibc-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-devel-2.17-79.el7_1.4.i686.rpm\nglibc-devel-2.17-79.el7_1.4.x86_64.rpm\nglibc-headers-2.17-79.el7_1.4.x86_64.rpm\nglibc-utils-2.17-79.el7_1.4.x86_64.rpm\nnscd-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nglibc-2.17-79.ael7b_1.4.src.rpm\n\nppc64le:\nglibc-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm\nnscd-2.17-79.ael7b_1.4.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1):\n\nppc64:\nglibc-debuginfo-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm\nglibc-static-2.17-79.el7_1.4.ppc.rpm\nglibc-static-2.17-79.el7_1.4.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-2.17-79.el7_1.4.s390x.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm\nglibc-static-2.17-79.el7_1.4.s390.rpm\nglibc-static-2.17-79.el7_1.4.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm\nglibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm\nglibc-static-2.17-79.el7_1.4.i686.rpm\nglibc-static-2.17-79.el7_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.1):\n\nppc64le:\nglibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm\nglibc-static-2.17-79.ael7b_1.4.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-7547\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/articles/2161461\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z\nZcaJTtI1osFTTkgVY6t05d0=\n=2Ia0\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt. However,\n due to a patch applied to Slackware\u0027s glibc back in 2009 (don\u0027t use the\n gethostbyname4() lookup method as it was causing some cheap routers to\n misbehave), we were not vulnerable to that issue. Nevertheless it seems\n prudent to patch the overflows anyway even if we\u0027re not currently using\n the code in question. Thanks to mancha for the backported patch. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547\n (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt. \npatches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt. \npatches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.1 packages:\n4c56432d638adc8098661cfa818b5bc9 glibc-2.17-i486-11_slack14.1.txz\n5c316d6b0a8970fe15fbdf2adff8de19 glibc-i18n-2.17-i486-11_slack14.1.txz\na937d842e5ca3d0b125230c23285f8f4 glibc-profile-2.17-i486-11_slack14.1.txz\n442f01d094d350612c1fb1fcb5e7fbe7 glibc-solibs-2.17-i486-11_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\neec88d584a79909ec79aae1c43c330d3 glibc-2.17-x86_64-11_slack14.1.txz\nd8b396eb6ada65d1555e3cf0fb8246c2 glibc-i18n-2.17-x86_64-11_slack14.1.txz\ne7deaabfe3e467cbde10ba5b7748bbbb glibc-profile-2.17-x86_64-11_slack14.1.txz\n629c93f0e510d354ff66e61f1ebe8b67 glibc-solibs-2.17-x86_64-11_slack14.1.txz\n\nSlackware -current packages:\nb11873e4f851a600b57a2e7a2ac8f472 a/glibc-solibs-2.23-i586-1.txz\n5116eec63fab5e7dbc58d27fecd48684 l/glibc-2.23-i586-1.txz\nae9b8a8e4ead59aa398212d6893d7ddc l/glibc-i18n-2.23-i586-1.txz\n61154e43ee4c0739dd5d3c4ce3b60ae6 l/glibc-profile-2.23-i586-1.txz\n\nSlackware x86_64 -current packages:\nc48a55c8a39dc8e17e04796e4f160bd0 a/glibc-solibs-2.23-x86_64-1.txz\n36104e1a004b0e97d193c2132f18222d l/glibc-2.23-x86_64-1.txz\ne0415f66d17323c8f6df339cfd49051b l/glibc-i18n-2.23-x86_64-1.txz\nf5433793e9da696a60f2445559f1d33f l/glibc-profile-2.23-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory \u003c 20190904-0 \u003e\n=======================================================================\n title: Multiple vulnerabilities\n product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,\n Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,\n Cisco 160W\n vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15\n fixed version: see \"Solution\"\n CVE number: -\n impact: High\n homepage: https://www.cisco.com/\n found: 2019-05-15\n by: T. Weber, S. Viehb\u00f6ck (Office Vienna)\n IoT Inspector\n SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Europe | Asia | North America\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Securely connecting your small business to the outside world is as important\nas connecting your internal network devices to one another. Cisco Small\nBusiness RV Series Routers offer virtual private networking (VPN) technology\nso your remote workers can connect to your network through a secure Internet\npathway.\"\n\nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html\n\n\nBusiness recommendation:\n------------------------\nWe want to thank Cisco for the very quick and professional response and great\ncoordination. Customers are urged to update the firmware of their devices. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Hardcoded Credentials\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH on an emulated device at least. \n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\n2) Known GNU glibc Vulnerabilities\nThe used GNU glibc in version 2.19 is outdated and contains multiple known\nvulnerabilities. The outdated version was found by IoT Inspector. \n\n3) Known BusyBox Vulnerabilities\nThe used BusyBox toolkit in version 1.23.2 is outdated and contains multiple\nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using\nthe MEDUSA scaleable firmware runtime. \n\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\n\nProof of concept:\n-----------------\n1) Hardcoded Credentials\nThe following hardcoded hashes were found in the \u0027shadow\u0027 file of the firmware:\nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::\ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::\n[...]\n\nThe undocumented user \u0027debug-admin\u0027 is also contained in this file. \n\nStarting the dropbear daemon as background process on emulated firmware:\n-------------------------------------------------------------------------------\n# dropbear -E\n# [1109] \u003ctimestamp\u003e Running in background\n#\n# [1112] \u003ctimestamp\u003e Child connection from \u003cIP\u003e:52718\n[1112] \u003ctimestamp\u003e /var must be owned by user or root, and not writable by others\n[1112] \u003ctimestamp\u003e Password auth succeeded for \u0027debug-admin\u0027 from \u003cIP\u003e:52718\n-------------------------------------------------------------------------------\n\nLog on via another host connected to the same network. For this PoC the\npassword of the debug-admin was changed in the \u0027shadow\u0027 file. \n-------------------------------------------------------------------------------\n[root@localhost medusa]# ssh debug-admin@\u003cIP\u003e /bin/ash -i\ndebug-admin@\u003cIP\u003e\u0027s password:\n/bin/ash: can\u0027t access tty; job control turned off\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n/tmp $\n-------------------------------------------------------------------------------\n\nThe \u0027debug-admin\u0027 user has the same privileges like \u0027root\u0027. This can be\ndetermined from the corresponding sudoers file in the firmware:\n[...]\n## User privilege specification\n##\nroot ALL=(ALL) ALL\ndebug-admin ALL=(ALL) ALL\n\n## Uncomment to allow members of group wheel to execute any command\n# %wheel ALL=(ALL) ALL\n[...]\n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\n2) Known GNU glibc Vulnerabilities\nGNU glibc version 2.19 contains multiple CVEs like:\nCVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472,\nCVE-2015-5277, CVE-2015-8778, CVE-2015-8779, CVE-2017-1000366 and more. It was compiled\nand executed on the emulated device to test the system. \n\n# python cve-2015-7547-poc.py \u0026\n[1] 961\n# chroot /medusa_rootfs/ bin/ash\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n# gdb cve-2015-7547_glibc_getaddrinfo\n[...]\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:41782\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nCannot access memory at address 0x4\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x76f1fd58 in ?? () from /lib/libc.so.6\n(gdb)\n\nReferences:\nhttps://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\nhttps://github.com/fjserna/CVE-2015-7547\n\n\n3) Known BusyBox Vulnerabilities\nBusyBox version 1.23.2 contains multiple CVEs like:\nCVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679,\nCVE-2017-16544 and CVE-2019-5747. \nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on\nan emulated device:\n\nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the\nvulnerability. \n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\nThe summary is below:\nIoT Inspector Vulnerability #1 BusyBox CVE entries\nOutdated BusyBox version is affected by 7 published CVEs. \n\nIoT Inspector Vulnerability #2 curl CVE entries\nOutdated curl version is affected by 35 published CVEs. \n\nIoT Inspector Vulnerability #3 GNU glibc CVE entries\nOutdated GNU glibc version is affected by 44 published CVEs. \n\nIoT Inspector Vulnerability #5 Hardcoded password hashes\nFirmware contains multiple hardcoded credentials. \n\nIoT Inspector Vulnerability #6 Linux Kernel CVE entries\nOutdated Linux Kernel version affected by 512 published CVEs. \n\nIoT Inspector Vulnerability #7 MiniUPnPd CVE entries\nOutdated MiniUPnPd version affected by 2 published CVEs. \n\nIoT Inspector Vulnerability #8 Dnsmasq CVE entries\nOutdated MiniUPnPd version affected by 1 published CVE. \n\nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d\nOutdated Linux Kernel version is affected by CVE-2015-7547. \n\nIoT Inspector Vulnerability #10 OpenSSL CVE entries\nOutdated OpenSSL version affected by 6 published CVEs. \n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions have been tested with IoT Inspector and\nfirmware emulation techniques:\nCisco RV340 / 1.0.02.16\nCisco RV340W / 1.0.02.16\nCisco RV345 / 1.0.02.16\nCisco RV345P / 1.0.02.16\nThe following firmware versions have been tested with IoT Inspector only:\nCisco RV260 / 1.0.00.15\nCisco RV260P / 1.0.00.15\nCisco RV260W / 1.0.00.15\nCisco RV160 / 1.0.00.15\nCisco RV160P / 1.0.00.15\n\nThe firmware was obtained from the vendor website:\nhttps://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16\nhttps://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15\n\n\nVendor contact timeline:\n------------------------\n2019-05-15: Contacting vendor through psirt@cisco.com. \n2019-05-16: Vendor confirmed the receipt. \n2019-05-2019-08: Periodic updates about the investigation from the vendor. \n Clarification which of the reported issues will be fixed. \n2019-08-20: The vendor proposed the next possible publication date for the\n advisory for 2019-09-04. The vendor added the RV160 and RV260\n router series to be vulnerable to the same issues too. \n2019-09-04: Coordinated advisory release. \n\n\nSolution:\n---------\nUpgrade to the newest available firmware version. \n\nAdditionally, the vendor provides the following security notice:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF T. Weber / @2019\n\n. \n\nThe first vulnerability listed below is considered to have critical\nimpact. \n\nCVE-2015-7547\n\n The Google Security Team and Red Hat discovered that the glibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services. \n\nCVE-2015-8776\n\n Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known. \n\nCVE-2015-8778\n\n Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time. \n\nCVE-2015-8779\n\n The catopen function contains several unbound stack allocations\n (stack overflows), causing it the crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known. \n\nWhile it is only necessary to ensure that all processes are not using\nthe old glibc anymore, it is recommended to reboot the machines after\napplying the security upgrade. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2.19-18+deb8u3. \n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.21-8",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7547"
},
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-85508",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7547",
"trust": 2.6
},
{
"db": "BID",
"id": "83265",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "154361",
"trust": 1.2
},
{
"db": "EXPLOIT-DB",
"id": "39454",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "40339",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10150",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "167552",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "164014",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "135802",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035020",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#457759",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA40161",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TRA-2017-08",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-103-01",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-301706",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-01100",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "135971",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135791",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136988",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136881",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135911",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135800",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "135789",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136808",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135856",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136976",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136325",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "135801",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136985",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138601",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136048",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201602-348",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-90749",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85508",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140605",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"id": "VAR-201602-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
}
],
"trust": 0.8356060666666666
},
"last_update_date": "2024-11-29T20:09:54.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71529"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/articles/2161461"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0175.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0225.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035020"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/sep/7"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/sep/7"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/0"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2022/jun/36"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39454/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/40339/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/83265"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3480"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3481"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0176.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0277.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
},
{
"trust": 1.1,
"url": "http://ubuntu.com/usn/usn-2900-1"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/457759"
},
{
"trust": 1.1,
"url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx206991"
},
{
"trust": 1.1,
"url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
},
{
"trust": 1.1,
"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
},
{
"trust": 1.1,
"url": "https://bto.bluecoat.com/security-advisory/sa114"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
},
{
"trust": 1.1,
"url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-103-01"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
},
{
"trust": 1.1,
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
},
{
"trust": 1.1,
"url": "https://support.lenovo.com/us/en/product_security/len_5450"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2017-08"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10150"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf"
},
{
"trust": 0.6,
"url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.6,
"url": "https://isc.sans.edu/diary/cve-2015-7547"
},
{
"trust": 0.4,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.4,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-7547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145690841819314\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145596041017029\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145672440608228\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=145857691004892\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=146161017210491\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
},
{
"trust": 0.1,
"url": "http://downloads.eucalyptus.com/software/eucalyptus/4.2/"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html"
},
{
"trust": 0.1,
"url": "https://r.sec-consult.com/ciscoiot"
},
{
"trust": 0.1,
"url": "https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
},
{
"trust": 0.1,
"url": "https://github.com/fjserna/cve-2015-7547."
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "https://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-sb-vpnrouter"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
},
{
"trust": 0.1,
"url": "http://blog.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000366"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20679"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5747"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
},
{
"trust": 0.1,
"url": "https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"db": "VULHUB",
"id": "VHN-85508"
},
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "140605"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
},
{
"db": "PACKETSTORM",
"id": "135911"
},
{
"db": "PACKETSTORM",
"id": "154361"
},
{
"db": "PACKETSTORM",
"id": "136988"
},
{
"db": "PACKETSTORM",
"id": "135800"
},
{
"db": "PACKETSTORM",
"id": "135971"
},
{
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2016-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2016-02-16T17:17:25",
"db": "PACKETSTORM",
"id": "135789"
},
{
"date": "2017-01-19T13:56:50",
"db": "PACKETSTORM",
"id": "140605"
},
{
"date": "2016-05-02T21:41:42",
"db": "PACKETSTORM",
"id": "136881"
},
{
"date": "2016-02-16T17:17:58",
"db": "PACKETSTORM",
"id": "135791"
},
{
"date": "2016-02-24T23:59:59",
"db": "PACKETSTORM",
"id": "135911"
},
{
"date": "2019-09-04T18:32:22",
"db": "PACKETSTORM",
"id": "154361"
},
{
"date": "2016-05-13T16:14:06",
"db": "PACKETSTORM",
"id": "136988"
},
{
"date": "2016-02-17T01:01:16",
"db": "PACKETSTORM",
"id": "135800"
},
{
"date": "2016-02-26T19:32:00",
"db": "PACKETSTORM",
"id": "135971"
},
{
"date": "2016-02-18T21:59:00.120000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01100"
},
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85508"
},
{
"date": "2024-11-21T02:36:57.503000",
"db": "NVD",
"id": "CVE-2015-7547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "136881"
},
{
"db": "PACKETSTORM",
"id": "135791"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GNU glibc getaddrinfo () stack buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01100"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "135789"
},
{
"db": "PACKETSTORM",
"id": "135791"
}
],
"trust": 0.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.