Impact of the GNU C Library getaddrinfo() Buffer Overflow Vulnerability (CVE-2015-7547) on EMC/RSA Products

On February 16, 2016, security researchers publicly disclosed a vulnerability in the Linux glibc library, which is commonly found in Linux-based operating systems. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used (CVE-2015-7547). A remote attacker could create specially …

Eric Baize February 21st, 2016

Impact of the GNU glibc gethostbyname Function Buffer Overflow “GHOST” Vulnerability on EMC/RSA Products

The “Ghost” vulnerability (CVE-2015-0235) in the gethostbyname functions of the GNU C Library (glibc), which is commonly found in Linux-based operating systems, affects applications calling this function. In some special instances, the successful exploitation of this vulnerability could allow an attacker to perform remote code execution on a targeted …

Reeny Sondhi January 29th, 2015

Impact of the OpenSSL Heartbleed vulnerability on EMC products

The Heartbleed vulnerability (CVE-2014-0160) affects the popular OpenSSL cryptographic software library used to secure internet communication. Following the release of this OpenSSL vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact.

Reeny Sondhi April 11th, 2014

Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to …

Reeny Sondhi June 25th, 2013

EMC’s Approach to Vulnerability Response

Let’s face it – real software products have security vulnerabilities! While building strong secure software development practices goes a long way towards detecting and helping to eliminate security vulnerabilities during the development process, a strong product security program also needs to be prepared to properly handle and respond to security …

Reeny Sondhi December 14th, 2012