Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58
HistoryJun 16, 2018 - 9:25 p.m.

Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Protection (CVE-2013-7423, and CVE-2015-1781)

2018-06-1621:25:43
www.ibm.com
9

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

The GNU glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Security vulnerabilities have been discovered in glibc used with IBM Security Network Protection.

Vulnerability Details

CVE ID: CVE-2013-7423

DESCRIPTION: GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under high load by the getaddrinfo() function. An attacker could exploit this vulnerability to obtain sensitive information.

CVSS Base Score: 1.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100647&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2015-1781

DESCRIPTION: GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system elevated privileges or cause the application to crash.

CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0009 from IBM Fix Central and upload and install via the Available Updates page of the local management interface.
IBM Security Network Protection| Firmware version 5.3| Install Fixpack 5.3.1.1 from the Available Updates page of the local management interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Related

nessus 33
redhat 4
openvas 25
securityvulns 2
ibm 26
oraclelinux 2
amazon 2
centos 2
prion 2
ubuntucve 2
f5 4
cve 2
debiancve 2
mageia 1
debian 4
archlinux 1
checkpoint_advisories 1
suse 2
fedora 1
ubuntu 3
gentoo 1
zdt 1
packetstorm 1
osv 2
cloudfoundry 1
nessus
nessus
Oracle Linux 6 : glibc (ELSA-2015-0863)
2015-04-22 00:00:00
Mandriva Linux Security Advisory : glibc (MDVSA-2015:218)
2015-05-01 00:00:00
Amazon Linux AMI : glibc (ALAS-2015-513)
2015-04-27 00:00:00
redhat
redhat
(RHSA-2015:0863) Moderate: glibc security and bug fix update
2015-04-21 00:00:00
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
(RHSA-2016:1207) Moderate: glibc security update
2016-06-07 05:18:46
openvas
openvas
RedHat Update for glibc RHSA-2015:0863-01
2015-04-22 00:00:00
CentOS Update for glibc CESA-2015:0863 centos6
2015-04-22 00:00:00
Oracle: Security Advisory (ELSA-2015-0863)
2015-10-06 00:00:00
securityvulns
securityvulns
GNU glibc security vulnerabilities
2015-05-05 00:00:00
[ MDVSA-2015:218 ] glibc
2015-05-05 00:00:00
ibm
ibm
Security Bulletin: TS3000 (TSSC/IMC) is affected by two issues for glibc (CVE-2015-1781, CVE-2013-7423 )
2018-06-18 00:09:39
Security Bulletin: Vulnerabilities in standard C library affect IBM DataPower Gateways (CVE-2013-7423, CVE-2015-1781)
2021-06-08 22:18:27
Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2013-7423)
2018-06-15 07:03:46
oraclelinux
oraclelinux
glibc security and bug fix update
2015-04-21 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
amazon
amazon
Medium: glibc
2015-04-22 16:12:00
Important: glibc
2015-12-14 10:00:00
centos
centos
glibc, nscd security update
2015-04-21 13:07:39
glibc, nscd security update
2015-11-30 19:30:07
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
Buffer overflow
2015-09-28 20:59:00
ubuntucve
ubuntucve
CVE-2013-7423
2015-02-24 00:00:00
CVE-2015-1781
2015-09-28 00:00:00
f5
f5
SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423
2015-07-02 00:00:00
K16841 : GNU C Library (glibc) vulnerability CVE-2013-7423
2015-11-12 00:00:00
SOL16865 - GNU C Library (glibc) vulnerability CVE-2015-1781
2015-07-08 00:00:00
cve
cve
CVE-2013-7423
2015-02-24 15:59:00
CVE-2015-1781
2015-09-28 20:59:00
debiancve
debiancve
CVE-2013-7423
2015-02-24 15:59:00
CVE-2015-1781
2015-09-28 20:59:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
debian
debian
[SECURITY] [DLA 230-1] eglibc security update
2015-05-27 18:03:22
[SECURITY] [DSA 3480-1] eglibc security update
2016-02-16 14:18:16
[SECURITY] [DSA 3480-1] eglibc security update
2016-02-16 14:18:16
archlinux
archlinux
glibc: arbitrary code execution
2015-04-23 00:00:00
checkpoint_advisories
checkpoint_advisories
GNU C Library glibc getanswer_r Buffer Overflow (CVE-2015-1781)
2015-05-07 00:00:00
suse
suse
Security update for glibc (important)
2015-08-21 18:10:09
Security update for glibc (important)
2016-02-16 20:15:44
fedora
fedora
[SECURITY] Fedora 22 Update: glibc-2.21-11.fc22
2016-02-17 12:51:37
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
GNU C Library regression
2016-05-26 00:00:00
GNU C Library vulnerabilities
2016-05-25 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
zdt
zdt
Moxa Command Injection / Cross Site Scripting Vulnerabilities
2021-09-01 00:00:00
packetstorm
packetstorm
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
2021-09-01 00:00:00
osv
osv
eglibc - security update
2016-02-16 00:00:00
eglibc - security update
2015-03-06 00:00:00
cloudfoundry
cloudfoundry
USN-2985-2 GNU C Library regression | Cloud Foundry
2016-06-13 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for 3D3EE58E80C8983DECD0C51663BD74CB8497D9389FE462B6FD769F37D1357F58
nessus33redhat4openvas25securityvulns2ibm26oraclelinux2amazon2centos2prion2ubuntucve2f54cve2debiancve2mageia1debian4archlinux1checkpoint_advisories1suse2fedora1ubuntu3gentoo1zdt1packetstorm1osv2cloudfoundry1