A GNU C library (glibc) stack-based buffer overflow in getaddrinfo() vulnerability affects IBM Workload Deployer.
CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Workload Deployer version 3.1 and later
The solution is to apply the following IBM Workload Deployer fix:
Upgrade the IBM Workload Deployer to the following fix level:
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Workload Deployer System| Release V3.1.0.7| V3.1.0.7 Interim fix11,
None