This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Knowledge Base Archive
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- NetWitness Knowledge Base Archive
- Stack-based buffer overflow vulnerability with glibc getaddrinfo (CVE-2015-7547) in RSA products
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Stack-based buffer overflow vulnerability with glibc getaddrinfo (CVE-2015-7547) in RSA products
Article Number
000032579
Applies To
All RSA Products
Issue
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
On February 16, 2016, a vulnerability was publicly announced in the Linux glibc library. The vulnerability was independently discovered by researchers at Google and Red Hat. The glibc DNS client side resolver is potentially vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. A remote attacker could create specially crafted DNS responses, which could cause the library to crash or potentially execute code with the permissions of the user running the library.
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-7547. The details for this vulnerability can be found using the link to Google blog post:
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
On February 16, 2016, a vulnerability was publicly announced in the Linux glibc library. The vulnerability was independently discovered by researchers at Google and Red Hat. The glibc DNS client side resolver is potentially vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. A remote attacker could create specially crafted DNS responses, which could cause the library to crash or potentially execute code with the permissions of the user running the library.
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-7547. The details for this vulnerability can be found using the link to Google blog post:
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Resolution
RSA is aware of and investigating this issue to identify the product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.
| RSA Product Name | Versions | Impacted? | Details | Last Updated |
|---|---|---|---|---|
| 3D Secure / Adaptive Authentication eCommerce | All Supported | Impacted | Remediation plan in progress (tentative target date to patch: Feb 28) | 2/22/2016 |
| Access Manager | All Supported | Not Impacted | Software does not ship with any glibc files. Follow OS vendor guidelines to patch underlying host. | 2/22/2016 |
| Adaptive Authentication Hosted | All Supported | Impacted | Remediation plan in progress (tentative target date to patch: Feb 28) | 2/22/2016 |
| Adaptive Authentication On-Prem | All Supported | Not Impacted | AAoP is software only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2/25/2016 |
| Archer Hosted | N/A | Not Impacted | 2/22/2016 | |
| Archer Platform | All Supported | Not Impacted | 3/4/2016 | |
| Archer SecOps | All Supported | Not Impacted | 3/4/2016 | |
| Archer Vulnerability & Risk Manager (VRM) | All Supported | Not Impacted | 3/4/2016 | |
| Authentication Manager Software Platform | 7.1 SP4 | Not Impacted | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2/18/2016 |
| Authentication Manager Appliance | 8.1 SP1 | Impacted | A hotfix or patch is being planned, tentative target date early Q2. Workaround is to disable the use of DNS. | 2/18/2016 |
| Authentication Manager Appliance | 3.0 SP4 | Not Impacted | 2/19/2016 | |
| BSAFE C Products: SSL-C, Cert-C, Crypto-C, MES, CCME | All Supported | Not Impacted | BSAFE products do not ship any specific glibc files. They are dependent on the libraries installed on the OS, follow OS vendor guidelines to patch. | 2/19/2016 |
| BSAFE Java Products: SSL-J, Cert-J, Crypto-J | All Supported | Not Impacted | BSAFE products do not ship any specific glibc files. They are dependent on the libraries installed on the OS, follow OS vendor guidelines to patch. | 2/19/2016 |
| Data Loss Prevention | 9.6 | Impacted - Remediated | This issue is fixed in DLP 9.6 SP2 P5 (see ESA-2016-043). DLP Datacenter, DLP Endpoint, and DLP Enterprise Manager are NOT impacted. | 4/27/2016 |
| Data Protection Manager | All Supported | Impacted - Remediated | This issue is fixed in DPM Appliance 3.5.2.4.3. For more details, see SCOL Advisory ESA-2016-014. | 2/22/2016 |
| DCS: Certificate Manager | All Supported | Not Impacted | RCM software does not ship with any glibc files. Follow OS vendor guidelines to patch underlying host if needed. | 2/18/2016 |
| DCS: Validation Manager | All Supported | Not Impacted | RVM software does not ship with any glibc files. Follow OS vendor guidelines to patch underlying host if needed. | 2/18/2016 |
| ECAT | All Supported | Not Impacted | ECAT does not statically link to glibc hence not impacted. | 3/1/2016 |
| eFraudNetwork (eFN) | All Supported | Impacted - Remediated | This issue has been fixed as of 2/24/2016 by applying a patch. | 3/28/2016 |
| Federated Identity Manager | All Supported | Not Impacted | Software does not ship with any glibc files. Follow OS vendor guidelines to patch underlying host. | 2/22/2016 |
| FraudAction (OTMS) | All Supported | Impacted | Remediation plan in progress (tentative target date to patch: Feb 28) | 2/22/2016 |
| RSA Central | All Supported | Not Impacted | 2/22/2016 | |
| RSA Live Infrastructure | All Supported | Impacted - Remediated | 2/24/2016 | |
| RSA Via Lifecycle and Governance SaaS (RSA Via L&G SaaS) | All Supported | Impacted - Remediated | 3/7/2016 | |
| RSA Via Lifecycle and Governance On-Prem Platform, RSA Identity Management & Governance On-Prem Platform | All Supported | Not Impacted | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2/23/2016 |
| RSA Via Lifecycle and Governance Appliance, RSA Identity Management & Governance Appliance | All Supported | Impacted - Remediated | RHEL deployment not impacted. SUSE deployment is fixed with Appliance Updater - Q1 2016 Release (see SCOL Advisory ESA-2016-022). | 3/9/2016 |
| RSA Via L&G Data Access Governance (DAG), RSA IMG (Aveksa) Data Access Governance (DAG) | All Supported | Not Impacted | Software does not receive, perform or allow end users to craft DNS queries or responses in the way that would be subject to this vulnerability in any form. | 2/23/2016 |
| SecurID Agent for PAM | All Supported | Not Impacted | If installed on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Agent for Web | All Supported | Not Impacted | If installed on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Agent for Windows | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Authentication Engine | All Supported | Not Impacted | If installed on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Authentication SDK | All Supported | Not Impacted | If building or executing an application built with an SDK on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Software Token Converter | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token for Android | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token for Blackberry | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token for Desktop | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token for iPhone | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token for Windows Mobile | All Supported | Not Impacted | 2/18/2016 | |
| SecurID Software Token Toolbar | All Supported | Not Impacted | If installed on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Software Token Web SDK | All Supported | Not Impacted | If building or executing an application built with an SDK on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| SecurID Transaction Signing SDK | All Supported | Not Impacted | If building or executing an application built with an SDK on a Linux system, follow OS vendor guidelines to patch the underlying host | 2/19/2016 |
| Security Analytics (Physical and Virtual Appliances) | All Supported | Impacted - Remediated | This issue is fixed in patches 10.4.1.6 (see SCOL Note and release notes) and 10.5.2 (see ESA-2016-023). | 6/2/2016 |
| Security Analytics (Windows Legacy Collector) | All Supported | Not Impacted | 2/18/2016 | |
| Via Access IDR VM | All Supported | Impacted | This issue will be fixed in a patch (tentative target date March 5th) | 2/22/2016 |
| Via Access Cloud Service | All Supported | Impacted | This issue will be fixed after applying a patch (tentative target date March 5th) | 2/22/2016 |
| Web Threat Detection (SilverTail) | All Supported | Not Impacted | WTD software does not ship any specific glibc files. Follow OS vendor guidelines to patch underlying host. | 2/23/2016 |
Notes
Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC distributes RSA Security Advisories, in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC distributes RSA Security Advisories, in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
No ratings
