Lucene search

K
ibmIBM186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F
HistoryFeb 23, 2022 - 7:48 p.m.

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Intrusion Prevention System (CVE-2015-0235)

2022-02-2319:48:26
www.ibm.com
36

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

Summary

GNU C library (glibc) vulnerability that has been referred to as GHOST affects IBM Security Netwoik Intrusion Prevention System.

Vulnerability Details

CVEID:CVE-2015-0235

**DESCRIPTION:**glibc is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the __nss_hostname_digits_dots() function. By sending an invalid hostname argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions: 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3

Remediation/Fixes

4.6.2.0-ISS-ProvG-AllModels-System-FP0006
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.2

4.6.1.0-ISS-ProvG-AllModels-System-FP0010
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6.1

4.6.0.0-ISS-ProvG-AllModels-System-FP0008
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.6

4.5.0.0-ISS-ProvG-AllModels-System-FP0010
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.5

4.4.0.0-ISS-ProvG-AllModels-System-FP0010
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.4

4.3.0.0-ISS-ProvG-AllModels-System-FP0008
for all IBM Security Network Intrusion Prevention System products at Firmware version 4.3

Workarounds and Mitigations

None

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

Related for 186826DEC64CEF861CABB6400E9E91E4A3DA403061721894238F233211663F6F