Impact of the GNU C Library getaddrinfo() Buffer Overflow Vulnerability (CVE-2015-7547) on EMC/RSA Products


On February 16, 2016, security researchers publicly disclosed a vulnerability in the Linux glibc library, which is commonly found in Linux-based operating systems. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used (CVE-2015-7547). A remote attacker could create specially crafted DNS responses, which could cause the library to crash or potentially execute code with the permissions of the user running the library.

Following the disclosure of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. We have published Knowledgebase articles on our customer accessible support websites that reflect the most up-to-date information from our review along with remediation plans, where needed:

We will continue to update the information as our review and remediation continues using our standard customer communication channels (including Security Advisories).

If customers would like further assistance accessing the articles, they can reach out to EMC support at [email protected] or RSA support at [email protected].

Continue Reading
Would you like to read more like this?

Related Posts

Click to Load More
All comments are moderated. Unrelated comments or requests for service will not be published, nor will any content deemed inappropriate, including but not limited to promotional and offensive comments. Please post your technical questions in the Support Forums or for customer service and technical support contact Dell EMC Support.