Lucene search
IBM26454810BAB2B2872DB58C55ABB93998FFCE95FBE31F7FDAFABADEE9A66D107EHistoryJun 15, 2018 - 7:05 a.m.
Security Bulletin: Vulnerability in the GNU C Library (glibc) affects IBM API Management (CVE-2015-7547)
2018-06-1507:05:11
www.ibm.com
17
EPSS
0.974
Percentile
99.9%
Summary
IBM API Management is affected by a vulnerability in GNU glibc. This vulnerability is now fixed.
Vulnerability Details
CVEID: CVE-2015-7547**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the nss_dns backend for the getaddrinfo() function when performing dual A/AAAA DNS queries. By sending a specially crafted DNS response, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110662 for ontact support.the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM API Management V4.0
Remediation/Fixes
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM API Management| 4.0.0| LI78976| http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/IBM+API+Management&release=4.0.4.1&platform=All&function=fixId&fixids=4.0.4.1-APIManagement-ManagementAppliance-20160302-1342_PUB_IFIX_1.vcrypt2%3A67094276418854,4.0.4.1-APIManagement-ManagementAppliance-20160302-1342_PUB_IFIX_1.ova%3A67094276418854,4.0.4.1-APIManagement-AdvancedPortal-20160302-2359_PUB_IFIX_1.sh%3A67094276418854,4.0.4.1-APIManagement-AdvancedPortal-20160302-2359_PUB_IFIX_1.ova%3A67094276418854&includeSupersedes=0
Workarounds and Mitigations
None
Related
checkpoint_advisories
checkpoint_advisories
DNS Client Resolver glibc Buffer Overflow (CVE-2015-7547)
2016-02-18 00:00:00
redhat
redhat
(RHSA-2016:0225) Critical: glibc security update
2016-02-16 00:00:00
(RHSA-2016:0277) Critical: rhev-hypervisor security update
2016-02-19 00:00:00
(RHSA-2016:0175) Critical: glibc security and bug fix update
2016-02-16 00:00:00
nessus
nessus
Arista Networks EOS libresolv Overflow RCE (SA0017)
2018-02-28 00:00:00
F5 Networks BIG-IP : glibc vulnerability (K47098834)
2016-02-17 00:00:00
CentOS 6 : glibc (CESA-2016:0175)
2016-02-17 00:00:00
fortinet
fortinet
Glibc getaddrinfo() stack-overflow
2016-02-25 00:00:00
exploitpack
exploitpack
glibc - getaddrinfo Remote Stack Buffer Overflow
2016-09-06 00:00:00
glibc - getaddrinfo Stack Buffer Overflow (PoC)
2016-02-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package glibc version 6:2.17-alt8.M70P.1
2016-02-16 00:00:00
Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.5
2016-02-16 00:00:00
oraclelinux
oraclelinux
glibc security update
2016-02-16 00:00:00
glibc security and bug fix update
2016-02-16 00:00:00
glibc security update
2016-02-16 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-054-02)
2022-04-21 00:00:00
CentOS Update for glibc CESA-2016:0175 centos6
2016-02-17 00:00:00
Fedora Update for glibc FEDORA-2016-0
2016-02-18 00:00:00
huawei
huawei
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
2016-03-04 00:00:00
Security Advisory - GNU Glibc Buffer Overflow Security Vulnerability
2016-03-04 00:00:00
exploitdb
exploitdb
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
2016-02-16 00:00:00
glibc - 'getaddrinfo' Remote Stack Buffer Overflow
2016-09-06 00:00:00
ibm
ibm
ics
ics
Siemens Industrial Products glibc Library Vulnerability (Update C)
2016-04-12 00:00:00
Siemens Industrial Products glibc Library Vulnerability (Update C)
2018-08-23 12:00:00
threatpost
threatpost
glibc Linux remote code execution vulnerability
2016-02-16 12:00:37
Magnitude of glibc Vulnerability Coming to Light
2016-02-17 16:01:47
intel
intel
Multiple Intel Software Products and Services impacted by CVE-2015-7547
2016-05-26 00:00:00
myhack58
myhack58
amazon
amazon
Critical: glibc
2016-02-16 06:00:00
veracode
veracode
Denial Of Service (DoS) Through C Dependency
2017-06-21 05:34:25
f5
f5
K47098834 : glibc vulnerability CVE-2015-7547
2016-02-17 00:00:00
SOL47098834 - glibc vulnerability CVE-2015-7547
2016-02-16 00:00:00
prion
prion
Stack overflow
2016-02-18 21:59:00
debiancve
debiancve
CVE-2015-7547
2016-02-18 21:59:00
zdt
zdt
glibc - getaddrinfo Stack Based Buffer Overflow (2)
2016-09-06 00:00:00
glibc - getaddrinfo Stack Based Buffer Overflow (1)
2016-02-16 00:00:00
packetstorm
packetstorm
glibc getaddrinfo Stack Buffer Overflow
2016-09-06 00:00:00
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
2022-06-20 00:00:00
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2015-7547
2016-02-16 00:00:00
centos
centos
glibc, nscd security update
2016-02-17 00:39:19
glibc, nscd security update
2016-02-17 01:37:20
vmware
vmware
VMware product updates address a critical glibc security vulnerability
2016-02-22 00:00:00
VMware product updates address a critical glibc security vulnerability.
2016-02-22 00:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2016-02-16 00:00:00
seebug
seebug
glibc getaddrinfo 栈缓冲区溢出漏洞(CVE-2015-7547)
2016-02-17 00:00:00
suse
suse
Security update for glibc (critical)
2016-02-19 12:11:34
Security update for glibc (critical)
2016-02-19 12:11:39
Security update for glibc (important)
2016-02-19 00:11:49
cve
cve
CVE-2015-7547
2016-02-18 21:59:00
paloalto
paloalto
Glibc DNS Resolver Vulnerability
2016-08-15 19:00:00
cert
cert
glibc vulnerable to stack buffer overflow in DNS resolver
2016-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: glibc-2.22-9.fc23
2016-02-17 14:21:52
[SECURITY] Fedora 22 Update: glibc-2.21-11.fc22
2016-02-17 12:51:37
citrix
citrix
CVE-2015-7547 - Citrix Security Advisory for glibc Vulnerability
2016-02-19 04:00:00
symantec
symantec
SA114 : GNU C Library (glibc) Remote Code Execution February 2016
2016-02-19 08:00:00
chrome
chrome
Stable Channel Update for Chrome OS
2016-02-18 00:00:00
cisco
cisco
Vulnerability in GNU glibc Affecting Cisco Products: February 2016
2016-02-18 20:22:00
nvd
nvd
CVE-2015-7547
2016-02-18 21:59:00
slackware
slackware
[slackware-security] glibc
2016-02-23 19:50:50
freebsd
freebsd
glibc -- getaddrinfo stack-based buffer overflow
2016-02-16 00:00:00
arista
arista
Security Advisory 0017
2016-02-16 00:00:00
cvelist
cvelist
CVE-2015-7547
2016-02-18 21:00:00
thn
thn
Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)
2016-02-16 21:27:00
debian
debian
[SECURITY] [DLA 416-1] eglibc security update
2016-02-16 16:49:24
[SECURITY] [DSA 3481-1] glibc security update
2016-02-16 14:18:27
[SECURITY] [DSA 3481-1] glibc security update
2016-02-16 14:18:27
osv
osv
eglibc - security update
2016-02-16 00:00:00
glibc - security update
2016-02-16 00:00:00
eglibc - security update
2016-02-16 00:00:00
archlinux
archlinux
lib32-glibc: multiple issues
2016-02-17 00:00:00
glibc: multiple issues
2016-02-17 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2016-02-19 11:40:43
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
kitploit
kitploit
oracle
oracle
Oracle Critical Patch Update Advisory - April 2016
2016-04-19 00:00:00
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
EPSS
0.974
Percentile
99.9%
Related for 26454810BAB2B2872DB58C55ABB93998FFCE95FBE31F7FDAFABADEE9A66D107E