ID

VAR-201602-0004


CVE

CVE-2015-7547


TITLE

GNU glibc getaddrinfo () stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-01100

DESCRIPTION

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. ============================================================================ Ubuntu Security Notice USN-2900-1 February 16, 2016 eglibc, glibc vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: GNU C Library could be made to crash or run programs if it received specially crafted network traffic. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libc6 2.21-0ubuntu4.1 Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7 Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13 After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2016:0225-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0225.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.11.src.rpm x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.17.src.rpm x86_64: glibc-2.12-1.47.el6_2.17.i686.rpm glibc-2.12-1.47.el6_2.17.x86_64.rpm glibc-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-devel-2.12-1.47.el6_2.17.i686.rpm glibc-devel-2.12-1.47.el6_2.17.x86_64.rpm glibc-headers-2.12-1.47.el6_2.17.x86_64.rpm glibc-utils-2.12-1.47.el6_2.17.x86_64.rpm nscd-2.12-1.47.el6_2.17.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.9.src.rpm x86_64: glibc-2.12-1.107.el6_4.9.i686.rpm glibc-2.12-1.107.el6_4.9.x86_64.rpm glibc-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-devel-2.12-1.107.el6_4.9.i686.rpm glibc-devel-2.12-1.107.el6_4.9.x86_64.rpm glibc-headers-2.12-1.107.el6_4.9.x86_64.rpm glibc-utils-2.12-1.107.el6_4.9.x86_64.rpm nscd-2.12-1.107.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.7.src.rpm x86_64: glibc-2.12-1.132.el6_5.7.i686.rpm glibc-2.12-1.132.el6_5.7.x86_64.rpm glibc-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-devel-2.12-1.132.el6_5.7.i686.rpm glibc-devel-2.12-1.132.el6_5.7.x86_64.rpm glibc-headers-2.12-1.132.el6_5.7.x86_64.rpm glibc-utils-2.12-1.132.el6_5.7.x86_64.rpm nscd-2.12-1.132.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.6): Source: glibc-2.12-1.149.el6_6.11.src.rpm i386: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-headers-2.12-1.149.el6_6.11.i686.rpm glibc-utils-2.12-1.149.el6_6.11.i686.rpm nscd-2.12-1.149.el6_6.11.i686.rpm ppc64: glibc-2.12-1.149.el6_6.11.ppc.rpm glibc-2.12-1.149.el6_6.11.ppc64.rpm glibc-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-devel-2.12-1.149.el6_6.11.ppc.rpm glibc-devel-2.12-1.149.el6_6.11.ppc64.rpm glibc-headers-2.12-1.149.el6_6.11.ppc64.rpm glibc-utils-2.12-1.149.el6_6.11.ppc64.rpm nscd-2.12-1.149.el6_6.11.ppc64.rpm s390x: glibc-2.12-1.149.el6_6.11.s390.rpm glibc-2.12-1.149.el6_6.11.s390x.rpm glibc-common-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-devel-2.12-1.149.el6_6.11.s390.rpm glibc-devel-2.12-1.149.el6_6.11.s390x.rpm glibc-headers-2.12-1.149.el6_6.11.s390x.rpm glibc-utils-2.12-1.149.el6_6.11.s390x.rpm nscd-2.12-1.149.el6_6.11.s390x.rpm x86_64: glibc-2.12-1.149.el6_6.11.i686.rpm glibc-2.12-1.149.el6_6.11.x86_64.rpm glibc-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-devel-2.12-1.149.el6_6.11.i686.rpm glibc-devel-2.12-1.149.el6_6.11.x86_64.rpm glibc-headers-2.12-1.149.el6_6.11.x86_64.rpm glibc-utils-2.12-1.149.el6_6.11.x86_64.rpm nscd-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.2): Source: glibc-2.12-1.47.el6_2.17.src.rpm x86_64: glibc-debuginfo-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.17.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.17.x86_64.rpm glibc-static-2.12-1.47.el6_2.17.i686.rpm glibc-static-2.12-1.47.el6_2.17.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.4): Source: glibc-2.12-1.107.el6_4.9.src.rpm x86_64: glibc-debuginfo-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.9.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.9.x86_64.rpm glibc-static-2.12-1.107.el6_4.9.i686.rpm glibc-static-2.12-1.107.el6_4.9.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 6.5): Source: glibc-2.12-1.132.el6_5.7.src.rpm x86_64: glibc-debuginfo-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-2.12-1.132.el6_5.7.x86_64.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.i686.rpm glibc-debuginfo-common-2.12-1.132.el6_5.7.x86_64.rpm glibc-static-2.12-1.132.el6_5.7.i686.rpm glibc-static-2.12-1.132.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.6): i386: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm ppc64: glibc-debuginfo-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.11.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.ppc64.rpm glibc-static-2.12-1.149.el6_6.11.ppc.rpm glibc-static-2.12-1.149.el6_6.11.ppc64.rpm s390x: glibc-debuginfo-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.11.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.s390x.rpm glibc-static-2.12-1.149.el6_6.11.s390.rpm glibc-static-2.12-1.149.el6_6.11.s390x.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.11.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.11.x86_64.rpm glibc-static-2.12-1.149.el6_6.11.i686.rpm glibc-static-2.12-1.149.el6_6.11.x86_64.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.1): Source: glibc-2.17-79.el7_1.4.src.rpm x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1): x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: glibc-2.17-79.el7_1.4.src.rpm ppc64: glibc-2.17-79.el7_1.4.ppc.rpm glibc-2.17-79.el7_1.4.ppc64.rpm glibc-common-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-devel-2.17-79.el7_1.4.ppc.rpm glibc-devel-2.17-79.el7_1.4.ppc64.rpm glibc-headers-2.17-79.el7_1.4.ppc64.rpm glibc-utils-2.17-79.el7_1.4.ppc64.rpm nscd-2.17-79.el7_1.4.ppc64.rpm s390x: glibc-2.17-79.el7_1.4.s390.rpm glibc-2.17-79.el7_1.4.s390x.rpm glibc-common-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-devel-2.17-79.el7_1.4.s390.rpm glibc-devel-2.17-79.el7_1.4.s390x.rpm glibc-headers-2.17-79.el7_1.4.s390x.rpm glibc-utils-2.17-79.el7_1.4.s390x.rpm nscd-2.17-79.el7_1.4.s390x.rpm x86_64: glibc-2.17-79.el7_1.4.i686.rpm glibc-2.17-79.el7_1.4.x86_64.rpm glibc-common-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-devel-2.17-79.el7_1.4.i686.rpm glibc-devel-2.17-79.el7_1.4.x86_64.rpm glibc-headers-2.17-79.el7_1.4.x86_64.rpm glibc-utils-2.17-79.el7_1.4.x86_64.rpm nscd-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.1): Source: glibc-2.17-79.ael7b_1.4.src.rpm ppc64le: glibc-2.17-79.ael7b_1.4.ppc64le.rpm glibc-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-devel-2.17-79.ael7b_1.4.ppc64le.rpm glibc-headers-2.17-79.ael7b_1.4.ppc64le.rpm glibc-utils-2.17-79.ael7b_1.4.ppc64le.rpm nscd-2.17-79.ael7b_1.4.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64: glibc-debuginfo-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-2.17-79.el7_1.4.ppc64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc.rpm glibc-debuginfo-common-2.17-79.el7_1.4.ppc64.rpm glibc-static-2.17-79.el7_1.4.ppc.rpm glibc-static-2.17-79.el7_1.4.ppc64.rpm s390x: glibc-debuginfo-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-2.17-79.el7_1.4.s390x.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390.rpm glibc-debuginfo-common-2.17-79.el7_1.4.s390x.rpm glibc-static-2.17-79.el7_1.4.s390.rpm glibc-static-2.17-79.el7_1.4.s390x.rpm x86_64: glibc-debuginfo-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-2.17-79.el7_1.4.x86_64.rpm glibc-debuginfo-common-2.17-79.el7_1.4.i686.rpm glibc-debuginfo-common-2.17-79.el7_1.4.x86_64.rpm glibc-static-2.17-79.el7_1.4.i686.rpm glibc-static-2.17-79.el7_1.4.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.1): ppc64le: glibc-debuginfo-2.17-79.ael7b_1.4.ppc64le.rpm glibc-debuginfo-common-2.17-79.ael7b_1.4.ppc64le.rpm glibc-static-2.17-79.ael7b_1.4.ppc64le.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWw0rVXlSAg2UNWIIRAoWoAJ93rclEfn9JUszTFNh+0YlrV1LDvgCdHL4z ZcaJTtI1osFTTkgVY6t05d0= =2Ia0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04989404 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04989404 Version: 1 HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-02-18 Last Updated: 2016-02-18 Potential Security Impact: Remote Arbitrary Code Execution Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. - Helion Eucalyptus Node Controller (NC) components are confirmed to be affected by the vulnerability. Other Helion Eucalyptus components and pre-bundled service EMIs do not directly expose the vulnerability, but because glibc is a commonly used library on Linux, the exact exposure is hard to determine. Any software performing domain name resolution is potentially vulnerable. References: - CVE-2015-7547 - PSRT110035 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE Helion Eucalyptus 4.2.1 and earlier - HPE Helion Eucalyptus Service EMIs for Load Balancing and Imaging services package "eucalyptus-service-image-1.48-0.87.99" and earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:H/Au:N/C:N/I:C/A:P) 6.1 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following software updates and workaround information available to resolve the vulnerability with glibc for HPE Helion Eucalyptus. + All hosts running HPE Helion Eucalyptus services should be upgraded to the latest glibc. Updated glibc packages are available for RHEL and CentOS: https://access.redhat.com/articles/2161461 **RHEL Note:** After following the guidelines for RHEL, a reboot is the safest and recommended way to ensure that updates takes effect for all services. + New Helion Eucalyptus Service EMIs will be made available soon in the Eucalyptus software repositories at: http://downloads.eucalyptus.com/software/eucalyptus/4.2/ **Note:** This security bulletin will be revised when those updates are available. Until Helion Eucalyptus EMI updates are available, the following workaround is available to update the instances launched from eucalyptus-service-image-1.48-0.87.99 and earlier to the latest glibc packages. **Workaround:** As a cloud administrator: 1) create an update-glibc script with the following content: #! /bin/bash yum update -y glibc 2) set the following cloud properties to use that script on instance start: euctl services.imaging.worker.init_script=@update-glibc euctl services.loadbalancing.worker.init_script=@update-glibc This script will be automatically executed for each of the new instances started from the service image. For instances that are already running, the cloud administrator will need to terminate them and start again for the script to take effect. More specifically, for the Load Balancing service, the cloud admin needs to find all instances running under the "(eucalyptus)loadbalancing" account: # euare-accountlist | grep loadbalancing (eucalyptus)loadbalancing <accnt_id> # euca-describe-instances verbose | grep <accnt_id> And terminate them using euca-terminate-instances. New updated instances will be started automatically after that. For the Imaging Service, the imaging worker needs to be terminated and started again: # esi-manage-stack -a delete imaging # esi-manage-stack -a create imaging HISTORY Version:1 (rev.1) - 17 February 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The first vulnerability listed below is considered to have critical impact. CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services. CVE-2015-8776 Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known. CVE-2015-8778 Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time. CVE-2015-8779 The catopen function contains several unbound stack allocations (stack overflows), causing it the crash the process (denial of service). No applications where this issue has a security impact are currently known. While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade. For the unstable distribution (sid), these problems will be fixed in version 2.21-8. + 3PAR OS 3.2.1 MU5 and 3.2.2 MU2 - HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU 5 or 3.2.2 MU2. - glibc has been updated in these releases to resolve the glibc vulnerability. + 3PAR OS 3.1.3 is also vulnerable but will not be fixed. **Mitigation:** The best protection to guard against exploitation of this vulnerability is to securely configure and operate the storage array in accordance with the *HPE 3PAR Configuration Guidelines* documentation. SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage: https://www.moxa.com/ found: 2020-08-31 by: T. Weber (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult, an Atos company Europe | Asia | North America https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "Together, We Create Change Moxa is committed to making a positive impact around the world. We put our all behind this commitment--from our employees, to our products and supply chain. In our local communities, we nurture and support the spirit of volunteering. We encourage our employees to contribute to community development, with an emphasis on ecology, education, and health. In our products, we invest in social awareness programs and environment-friendly policies at every stage of the product lifecycle. We make sure our manufacturing meets the highest standards with regards to quality, ethics, and sustainability." Source: https://www.moxa.com/en/about-us/corporate-responsibility Business recommendation: ------------------------ SEC Consult recommends to immediately apply the available patches from the vendor. A thorough security review should be performed by security professionals to identify further potential security issues. Vulnerability overview/description: ----------------------------------- 1) Authenticated Command Injection (CVE-2021-39279) An authenticated command injection vulnerability can be triggered by issuing a GET request to the "/forms/web_importTFTP" CGI program which is available on the web interface. An attacker can abuse this vulnerability to compromise the operating system of the device. This issue was found by emulating the firmware of the device. 2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) Via a crafted config-file, a reflected cross-site scripting vulnerability can be exploited in the context of the victim's browser. This config-file can be uploaded to the device via the "Config Import Export" tab in the main menu. 3) Known GNU glibc Vulnerabilities (CVE-2015-0235) The used GNU glibc in version 2.9 is outdated and contains multiple known vulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235, gethostbyname "GHOST" buffer overflow) was verified by using the MEDUSA scalable firmware runtime. 4) Multiple Outdated Software Components Multiple outdated software components containing vulnerabilities were found by the IoT Inspector. The vulnerabilities 1), 2) and 3) were manually verified on an emulated device by using the MEDUSA scalable firmware runtime. Proof of concept: ----------------- 1) Authenticated Command Injection (CVE-2021-39279) The vulnerability can be triggered by navigating in the web interface to the tab: "Main Menu"->"Maintenance"->"Config Import Export" The "TFTP Import" menu is prone to command injection via all parameters. To exploit the vulnerability, an IP address, a configuration path and a filename must be set. If the filename is used to trigger the exploit, the payload in the interceptor proxy would be: http://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100` 2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) The vulnerability can be triggered by navigating in the web interface to the tab: "Main Menu"->"Maintenance"->"Config Import Export" The "Config Import" menu is prone to reflected cross-site scripting via the upload of config files. Example of malicious config file: ------------------------------------------------------------------------------- [board] deviceName="WAC-2004_0000</span><script>alert(document.cookie)</script>" deviceLocation="" [..] ------------------------------------------------------------------------------- Uploading such a crafted file triggers cross-site scripting as the erroneous value is displayed without filtering characters. 3) Known GNU glibc Vulnerabilities (CVE-2015-0235) GNU glibc version 2.9 contains multiple CVEs like: CVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more. The gethostbyname buffer overflow vulnerability (GHOST) was checked with the help of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled and executed on the emulated device to test the system. 4) Multiple Outdated Software Components The IoT Inspector recognized multiple outdated software components with known vulnerabilities: BusyBox 1.18.5 06/2011 Dropbear SSH 2011.54 11/2011 GNU glibc 2.9 02/2009 Linux Kernel 2.6.27 10/2008 OpenSSL 0.9.7g 04/2005 Only found in the program "iw_director" OpenSSL 1.0.0 03/2010 Vulnerable / tested versions: ----------------------------- The following firmware versions for various devices have been identified to be vulnerable: * WAC-2004 / 1.7 * WAC-1001 / 2.1 * WAC-1001-T / 2.1 * OnCell G3470A-LTE-EU / 1.7 * OnCell G3470A-LTE-EU-T / 1.7 * TAP-323-EU-CT-T / 1.3 * TAP-323-US-CT-T / 1.3 * TAP-323-JP-CT-T / 1.3 * WDR-3124A-EU / 2.3 * WDR-3124A-EU-T / 2.3 * WDR-3124A-US / 2.3 * WDR-3124A-US-T / 2.3 Vendor contact timeline: ------------------------ 2020-10-09: Contacting vendor through moxa.csrt@moxa.com. 2020-10-12: Contact sends PGP key for encrypted communication and asks for the detailed advisory. Sent encrypted advisory to vendor. 2020-11-06: Status update from vendor regarding technical analysis. Vendor requested more time for fixing the vulnerabilities as more products are affected. 2020-11-09: Granted more time for fixing to vendor. 2020-11-10: Vendor asked for next steps regarding the advisory publication. 2020-11-11: Asked vendor for an estimation when a public disclosure is possible. 2020-11-16: Vendor responded that the product team can give a rough feedback. 2020-11-25: Asked for a status update. 2020-11-25: Vendor responded that the investigation is not done yet. 2020-12-14: Vendor provided a list of potential affected devices and stated that full investigation may take until January 2021 due to the list of CVEs that were provided with the appended IoT Inspector report. The patches may be available until June 2021. 2020-12-15: Shifted next status update round with vendor on May 2021. 2020-12-23: Vendor provided full list of affected devices. 2021-02-05: Vendor sieved out the found issues from 4) manually and provided a full list of confirmed vulnerabilities. WAC-2004 phased-out in 2019. 2021-02-21: Confirmed receive of vulnerabilities, next status update in May 2021. 2021-06-10: Asking for an update. 2021-06-15: Vendor stated, that the update will be provided in the next days. 2021-06-21: Vendor will give an update in the next week as Covid gets worse in Taiwan. 2021-06-23: Vendor stated, that patches are under development. Vendor needs more time to finish the patches. 2021-06-24: Set release date to 2021-09-01. 2021-07-02: Vendor provides status updates. 2021-08-16: Vendor provides status updates. 2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. 2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. 2021-08-31: Vendor provides fixed firmware version numbers and the advisory links. 2021-09-01: Coordinated release of security advisory. Solution: --------- According to the vendor the following patches must be applied to fix issues: * WAC-1001 / 2.1.5 * WAC-1001-T / 2.1.5 * OnCell G3470A-LTE-EU / 1.7.4 * OnCell G3470A-LTE-EU-T / 1.7.4 * TAP-323-EU-CT-T / 1.8.1 * TAP-323-US-CT-T / 1.8.1 * TAP-323-JP-CT-T / 1.8.1 The Moxa Technical Support must be contacted for requesting the security patches. The corresponding security advisories for the affected devices are available on the vendor's website: TAP-323/WAC-1001/WAC-2004 https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities OnCell G3470A-LTE/WDR-3124A https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities The following device models are EOL and should be replaced: * WAC-2004 * WDR-3124A-EU * WDR-3124A-EU-T * WDR-3124A-US * WDR-3124A-US-T Workaround: ----------- None. Advisory URL: ------------- https://sec-consult.com/vulnerability-lab/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab SEC Consult, an Atos company Europe | Asia | North America About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an Atos company. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://sec-consult.com/career/ Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://sec-consult.com/contact/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult EOF Thomas Weber / @2021

Trust: 2.61

sources: NVD: CVE-2015-7547 // CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 137112 // PACKETSTORM: 136985 // PACKETSTORM: 140605 // PACKETSTORM: 136881 // PACKETSTORM: 135801 // PACKETSTORM: 135791 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 135800 // PACKETSTORM: 136976 // PACKETSTORM: 135971 // PACKETSTORM: 164014

AFFECTED PRODUCTS

vendor:susemodel:linux enterprise serverscope:eqversion:12

Trust: 2.0

vendor:gnumodel:glibcscope:eqversion:2.11.1

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.21

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.14.1

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.16

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.18

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.22

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.11

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.19

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.20

Trust: 1.6

vendor:gnumodel:glibcscope:eqversion:2.10.1

Trust: 1.6

vendor:oraclemodel:exalogic infrastructurescope:eqversion:1.0

Trust: 1.0

vendor:sophosmodel:unified threat management softwarescope:eqversion:9.319

Trust: 1.0

vendor:hpmodel:helion openstackscope:eqversion:1.1.1

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.2

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip policy enforcement managerscope:eqversion:12.0.0

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:12

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:hpmodel:server migration packscope:eqversion:7.5

Trust: 1.0

vendor:sophosmodel:unified threat management softwarescope:eqversion:9.355

Trust: 1.0

vendor:f5model:big-ip application acceleration managerscope:eqversion:12.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:oraclemodel:exalogic infrastructurescope:eqversion:2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:f5model:big-ip analyticsscope:eqversion:12.0.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:11.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.12.2

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.12

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:hpmodel:helion openstackscope:eqversion:2.1.0

Trust: 1.0

vendor:hpmodel:helion openstackscope:eqversion:2.0.0

Trust: 1.0

vendor:f5model:big-ip local traffic managerscope:eqversion:12.0.0

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.13

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.12.1

Trust: 1.0

vendor:oraclemodel:fujitsu m10scope:lteversion:2290

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.11.2

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:15.10

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.9

Trust: 1.0

vendor:redhatmodel:enterprise linux hpc node eusscope:eqversion:7.2

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.14

Trust: 1.0

vendor:f5model:big-ip access policy managerscope:eqversion:12.0.0

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.11.3

Trust: 1.0

vendor:susemodel:linux enterprise debuginfoscope:eqversion:11.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:eqversion:12.0.0

Trust: 1.0

vendor:susemodel:linux enterprise software development kitscope:eqversion:12

Trust: 1.0

vendor:f5model:big-ip advanced firewall managerscope:eqversion:12.0.0

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.10

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.15

Trust: 1.0

vendor:gnumodel:glibcscope:eqversion:2.17

Trust: 1.0

vendor:f5model:big-ip domain name systemscope:eqversion:12.0.0

Trust: 1.0

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:7.0

Trust: 1.0

vendor:f5model:big-ip link controllerscope:eqversion:12.0.0

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:11.0

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:11.0

Trust: 1.0

vendor:gnumodel:glibcscope:gtversion:2.9

Trust: 0.6

vendor:siemensmodel:apescope: - version: -

Trust: 0.6

vendor:siemensmodel:basic rtscope:eqversion:v13

Trust: 0.6

vendor:siemensmodel:rox ii osscope:gteversion:v2.3.0<=v2.9.0

Trust: 0.6

vendor:siemensmodel:scalance m-800 s615scope:eqversion:/

Trust: 0.6

vendor:siemensmodel:sinema remote connectscope:ltversion:v1.2

Trust: 0.6

sources: CNVD: CNVD-2016-01100 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7547
value: HIGH

Trust: 1.0

CNVD: CNVD-2016-01100
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201602-348
value: HIGH

Trust: 0.6

VULHUB: VHN-85508
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7547
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2016-01100
severity: HIGH
baseScore: 8.3
vectorString: AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85508
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7547
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-85508 // NVD: CVE-2015-7547

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 136881 // PACKETSTORM: 135801 // PACKETSTORM: 135791 // CNNVD: CNNVD-201602-348

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201602-348

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-85508

PATCH

title:Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/71529

Trust: 0.6

title:glibc Fixes for stack-based buffer overflow vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=60267

Trust: 0.6

sources: CNVD: CNVD-2016-01100 // CNNVD: CNNVD-201602-348

EXTERNAL IDS

db:NVDid:CVE-2015-7547

Trust: 3.5

db:BIDid:83265

Trust: 2.3

db:PACKETSTORMid:164014

Trust: 1.8

db:EXPLOIT-DBid:39454

Trust: 1.7

db:EXPLOIT-DBid:40339

Trust: 1.7

db:MCAFEEid:SB10150

Trust: 1.7

db:PACKETSTORMid:167552

Trust: 1.7

db:PACKETSTORMid:135802

Trust: 1.7

db:PACKETSTORMid:154361

Trust: 1.7

db:SECTRACKid:1035020

Trust: 1.7

db:CERT/CCid:VU#457759

Trust: 1.7

db:PULSESECUREid:SA40161

Trust: 1.7

db:TENABLEid:TRA-2017-08

Trust: 1.7

db:ICS CERTid:ICSA-16-103-01

Trust: 1.7

db:CNNVDid:CNNVD-201602-348

Trust: 0.7

db:SIEMENSid:SSA-301706

Trust: 0.6

db:CNVDid:CNVD-2016-01100

Trust: 0.6

db:CXSECURITYid:WLB-2022060049

Trust: 0.6

db:AUSCERTid:ESB-2020.2340

Trust: 0.6

db:PACKETSTORMid:135971

Trust: 0.2

db:PACKETSTORMid:135791

Trust: 0.2

db:PACKETSTORMid:136976

Trust: 0.2

db:PACKETSTORMid:136881

Trust: 0.2

db:PACKETSTORMid:135853

Trust: 0.2

db:PACKETSTORMid:137112

Trust: 0.2

db:PACKETSTORMid:136325

Trust: 0.2

db:PACKETSTORMid:135801

Trust: 0.2

db:PACKETSTORMid:136985

Trust: 0.2

db:PACKETSTORMid:135800

Trust: 0.2

db:PACKETSTORMid:136808

Trust: 0.1

db:PACKETSTORMid:137497

Trust: 0.1

db:PACKETSTORMid:135856

Trust: 0.1

db:PACKETSTORMid:136988

Trust: 0.1

db:PACKETSTORMid:138068

Trust: 0.1

db:PACKETSTORMid:135911

Trust: 0.1

db:PACKETSTORMid:137351

Trust: 0.1

db:PACKETSTORMid:135789

Trust: 0.1

db:PACKETSTORMid:138601

Trust: 0.1

db:PACKETSTORMid:136048

Trust: 0.1

db:SEEBUGid:SSVID-90749

Trust: 0.1

db:VULHUBid:VHN-85508

Trust: 0.1

db:PACKETSTORMid:140605

Trust: 0.1

sources: CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 137112 // PACKETSTORM: 136985 // PACKETSTORM: 140605 // PACKETSTORM: 136881 // PACKETSTORM: 135801 // PACKETSTORM: 135791 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 135800 // PACKETSTORM: 136976 // PACKETSTORM: 135971 // PACKETSTORM: 164014 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

REFERENCES

url:https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

Trust: 2.3

url:http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html

Trust: 2.3

url:http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html

Trust: 2.3

url:http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html

Trust: 2.3

url:https://access.redhat.com/articles/2161461

Trust: 2.0

url:http://rhn.redhat.com/errata/rhsa-2016-0225.html

Trust: 1.8

url:http://www.securitytracker.com/id/1035020

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/sep/7

Trust: 1.7

url:https://seclists.org/bugtraq/2019/sep/7

Trust: 1.7

url:http://seclists.org/fulldisclosure/2021/sep/0

Trust: 1.7

url:http://seclists.org/fulldisclosure/2022/jun/36

Trust: 1.7

url:https://www.exploit-db.com/exploits/39454/

Trust: 1.7

url:https://www.exploit-db.com/exploits/40339/

Trust: 1.7

url:http://www.securityfocus.com/bid/83265

Trust: 1.7

url:http://www.debian.org/security/2016/dsa-3480

Trust: 1.7

url:http://www.debian.org/security/2016/dsa-3481

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html

Trust: 1.7

url:https://security.gentoo.org/glsa/201602-02

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2016-0175.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2016-0176.html

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2016-0277.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

Trust: 1.7

url:http://ubuntu.com/usn/usn-2900-1

Trust: 1.7

url:https://www.kb.cert.org/vuls/id/457759

Trust: 1.7

url:http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

Trust: 1.7

url:http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html

Trust: 1.7

url:http://support.citrix.com/article/ctx206991

Trust: 1.7

url:http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

Trust: 1.7

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Trust: 1.7

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Trust: 1.7

url:http://www.vmware.com/security/advisories/vmsa-2016-0002.html

Trust: 1.7

url:https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/

Trust: 1.7

url:https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Trust: 1.7

url:https://bto.bluecoat.com/security-advisory/sa114

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1293532

Trust: 1.7

url:https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Trust: 1.7

url:https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722

Trust: 1.7

url:https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-16-103-01

Trust: 1.7

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20160217-0002/

Trust: 1.7

url:https://sourceware.org/bugzilla/show_bug.cgi?id=18665

Trust: 1.7

url:https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

Trust: 1.7

url:https://support.lenovo.com/us/en/product_security/len_5450

Trust: 1.7

url:https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

Trust: 1.7

url:https://www.tenable.com/security/research/tra-2017-08

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=145672440608228&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=145596041017029&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=145857691004892&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=146161017210491&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=145690841819314&w=2

Trust: 1.6

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10150

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2015-7547

Trust: 1.2

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.8

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.8

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2015-7547

Trust: 0.7

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf

Trust: 0.6

url:https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Trust: 0.6

url:https://isc.sans.edu/diary/cve-2015-7547

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2016:0225

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2016:0277

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2016:0176

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2016:0175

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160304-01-glibc-cn

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2340/

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022060049

Trust: 0.6

url:http://downloads.eucalyptus.com/software/eucalyptus/4.2/

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=145690841819314&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=145596041017029&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=145672440608228&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=145857691004892&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=146161017210491&amp;w=2

Trust: 0.1

url:https://kc.mcafee.com/corporate/index?page=content&amp;id=sb10150

Trust: 0.1

url:https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetse

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4877

Trust: 0.1

url:https://www.hpe.com/info/report-security-vulnerability

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0050

Trust: 0.1

url:https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-2900-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://helion.hpwsportal.com

Trust: 0.1

url:https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222804%22%7d/s

Trust: 0.1

url:https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222800%22%7d/s

Trust: 0.1

url:http://docs.hpcloud.com/#devplatform/2.0/gibcpatch/devplatform.glibc_patch.ht

Trust: 0.1

url:https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222955%22%7d/s

Trust: 0.1

url:https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222923%22%7d/s

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8776

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-8779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39278

Trust: 0.1

url:https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0235

Trust: 0.1

url:https://www.moxa.com/en/about-us/corporate-responsibility

Trust: 0.1

url:https://seclists.org/oss-sec/2015/q1/274.

Trust: 0.1

url:https://sec-consult.com/contact/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7423

Trust: 0.1

url:https://www.sec-consult.com

Trust: 0.1

url:https://sec-consult.com/vulnerability-lab/

Trust: 0.1

url:https://twitter.com/sec_consult

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-1234

Trust: 0.1

url:https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39279

Trust: 0.1

url:http://blog.sec-consult.com

Trust: 0.1

url:https://www.moxa.com/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1914

Trust: 0.1

url:https://sec-consult.com/career/

Trust: 0.1

url:http://192.168.1.1/forms/web_importtftp?servip=192.168.1.1&configpath=/&filename=name|`ping

Trust: 0.1

sources: CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 137112 // PACKETSTORM: 136985 // PACKETSTORM: 140605 // PACKETSTORM: 136881 // PACKETSTORM: 135801 // PACKETSTORM: 135791 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 135800 // PACKETSTORM: 136976 // PACKETSTORM: 135971 // PACKETSTORM: 164014 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

CREDITS

HP

Trust: 0.8

sources: PACKETSTORM: 137112 // PACKETSTORM: 136985 // PACKETSTORM: 140605 // PACKETSTORM: 136881 // PACKETSTORM: 135853 // PACKETSTORM: 136325 // PACKETSTORM: 136976 // PACKETSTORM: 135971

SOURCES

db:CNVDid:CNVD-2016-01100
db:VULHUBid:VHN-85508
db:PACKETSTORMid:137112
db:PACKETSTORMid:136985
db:PACKETSTORMid:140605
db:PACKETSTORMid:136881
db:PACKETSTORMid:135801
db:PACKETSTORMid:135791
db:PACKETSTORMid:135853
db:PACKETSTORMid:136325
db:PACKETSTORMid:135800
db:PACKETSTORMid:136976
db:PACKETSTORMid:135971
db:PACKETSTORMid:164014
db:CNNVDid:CNNVD-201602-348
db:NVDid:CVE-2015-7547

LAST UPDATE DATE

2025-03-29T20:08:35.005000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-01100date:2016-07-12T00:00:00
db:VULHUBid:VHN-85508date:2023-02-12T00:00:00
db:CNNVDid:CNNVD-201602-348date:2023-04-06T00:00:00
db:NVDid:CVE-2015-7547date:2024-11-21T02:36:57.503

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-01100date:2016-02-18T00:00:00
db:VULHUBid:VHN-85508date:2016-02-18T00:00:00
db:PACKETSTORMid:137112date:2016-05-18T23:31:21
db:PACKETSTORMid:136985date:2016-05-13T16:13:42
db:PACKETSTORMid:140605date:2017-01-19T13:56:50
db:PACKETSTORMid:136881date:2016-05-02T21:41:42
db:PACKETSTORMid:135801date:2016-02-17T01:01:26
db:PACKETSTORMid:135791date:2016-02-16T17:17:58
db:PACKETSTORMid:135853date:2016-02-19T22:33:00
db:PACKETSTORMid:136325date:2016-03-22T00:03:01
db:PACKETSTORMid:135800date:2016-02-17T01:01:16
db:PACKETSTORMid:136976date:2016-05-12T16:07:19
db:PACKETSTORMid:135971date:2016-02-26T19:32:00
db:PACKETSTORMid:164014date:2021-09-01T15:42:52
db:CNNVDid:CNNVD-201602-348date:2016-02-18T00:00:00
db:NVDid:CVE-2015-7547date:2016-02-18T21:59:00.120