var-201602-0004
Vulnerability from variot

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can give the attacker control of the user terminal.

  • HP StoreVirtual VSA Software 12.6
  • HP StoreVirtual 4130 600GB SAS Storage 12.6
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
  • HP StoreVirtual 4330 450GB SAS Storage 12.6
  • HP StoreVirtual 4330 900GB SAS Storage 12.6
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
  • HP StoreVirtual 4530 450GB SAS Storage 12.6
  • HP StoreVirtual 4530 600GB SAS Storage 12.6
  • HP StoreVirtual 4630 900GB SAS Storage 12.6
  • HP StoreVirtual 4730 600GB SAS Storage 12.6
  • HP StoreVirtual 4730 900GB SAS Storage 12.6
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4335 China Hybrid Storage 12.6
  • HP StoreVirtual 4335 Hybrid Storage 12.6
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
  • HP StoreVirtual 4130 600GB China SAS Storage 12.6
  • HP StoreVirtual 4130 600GB SAS Storage 12.6
  • HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6
  • HP StoreVirtual 4330 1TB MDL SAS Storage 12.6
  • HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4330 450GB China SAS Storage 12.6
  • HP StoreVirtual 4330 450GB SAS Storage 12.6
  • HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4330 900GB China SAS Storage 12.6
  • HP StoreVirtual 4330 900GB SAS Storage 12.6
  • HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6
  • HP StoreVirtual 4330 FC 900GB SAS Storage 12.6
  • HP StoreVirtual 4335 China Hybrid SAN Solution 12.6
  • HP StoreVirtual 4335 China Hybrid Storage 12.6
  • HP StoreVirtual 4335 Hybrid SAN Solution 12.6
  • HP StoreVirtual 4335 Hybrid Storage 12.6
  • HP StoreVirtual 4530 2TB MDL SAS Storage 12.6
  • HP StoreVirtual 4530 3TB MDL SAS Storage 12.6
  • HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4530 450GB SAS Storage 12.6
  • HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4530 4TB MDL SAS Storage 12.6
  • HP StoreVirtual 4530 600GB SAS Storage 12.6
  • HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4630 900GB SAS Storage 12.6
  • HP StoreVirtual 4730 600GB SAS Storage 12.6
  • HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4730 900GB SAS Storage 12.6
  • HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6
  • HP StoreVirtual 4730 FC 900GB SAS Storage 12.6

BACKGROUND

CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-7547
  5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates available to resolve the vulnerability with glibc for all of the impacted HPE StoreVirtual products.

  • LeftHand OS 12.6 - patch 56001
  • LeftHand OS 12.5 - patch 55015

Notes:

  • These patches will upgrade glibc to 2.12-1.166 to resolve this issue.

============================================================================
Ubuntu Security Notice USN-2900-1
February 16, 2016

eglibc, glibc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it received specially crafted network traffic.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libc6 2.21-0ubuntu4.1

Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7

Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2900-1
  CVE-2015-7547

Package Information:
  https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1
  https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7
  https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-11_slack14.1.txz: Rebuilt.
  This update provides a patch to fix the stack-based buffer overflow in
  libresolv that could allow specially crafted DNS responses to seize
  control of execution flow in the DNS client (CVE-2015-7547). However,
  due to a patch applied to Slackware's glibc back in 2009 (don't use the
  gethostbyname4() lookup method as it was causing some cheap routers to
  misbehave), we were not vulnerable to that issue. Nevertheless it seems
  prudent to patch the overflows anyway even if we're not currently using
  the code in question. Thanks to mancha for the backported patch.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
  ( Security fix )
patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz: Rebuilt.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz

Updated packages for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz

MD5 signatures:
+-------------+


Installation instructions:
+------------------------+

Upgrade the packages as root:

upgradepkg glibc-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Weber, S. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway."

Source: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html

Business recommendation:

We want to thank Cisco for the very quick and professional response and great coordination. Customers are urged to update the firmware of their devices.

Vulnerability overview/description:

1) Hardcoded Credentials
The device contains hardcoded users and passwords which can be used to log in via SSH, at least on an emulated device.

During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions. The outdated version was found by IoT Inspector.

4) Multiple Vulnerabilities - IoT Inspector Report
Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot

Proof of concept:

1) Hardcoded Credentials
The following hardcoded hashes were found in the 'shadow' file of the firmware:

root:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::
debug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::
[...]

The undocumented user 'debug-admin' is also contained in this file.

Starting the dropbear daemon as background process on emulated firmware:

dropbear -E

[1109] Running in background

[1112] Child connection from :52718

[1112] /var must be owned by user or root, and not writable by others
[1112] Password auth succeeded for 'debug-admin' from :52718


Log on via another host connected to the same network. For this PoC the password of the debug-admin was changed in the 'shadow' file.


[root@localhost medusa]# ssh debug-admin@ /bin/ash -i
debug-admin@'s password:
/bin/ash: can't access tty; job control turned off

BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)

/tmp $

The 'debug-admin' user has the same privileges as 'root'. This can be determined from the corresponding sudoers file in the firmware:

[...]

# User privilege specification
root ALL=(ALL) ALL
debug-admin ALL=(ALL) ALL

# Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

[...]

During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.
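A defender's check for the condition described in 1), as an added example that is not part of the original advisory: it parses the 'shadow' and sudoers text of an unpacked firmware image and reports accounts that have a usable password hash, how strong the hash scheme is, and whether the account holds an unrestricted sudo rule. The function names are hypothetical and the sample file contents, including the hash values, are constructed placeholders.

```python
import re

# crypt(3) scheme identifiers found between the first two '$' of a hash.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"md5-crypt", "des-crypt", "empty"}

# Active rules such as "user ALL=(ALL) ALL" or "user ALL=(ALL:ALL) NOPASSWD: ALL".
FULL_SUDO = re.compile(
    r"^(\S+)\s+ALL\s*=\s*\(\s*ALL(?:\s*:\s*ALL)?\s*\)\s*(?:NOPASSWD:\s*)?ALL$")

# Constructed sample input (placeholder hashes, not taken from any firmware).
SAMPLE_SHADOW = """\
root:$1$CONSTRUCTED$aaaaaaaaaaaaaaaaaaaaaa:15533:0:99999:7:::
debug-admin:$1$CONSTRUCTED$bbbbbbbbbbbbbbbbbbbbbb:15541:0:99999:7:::
daemon:*:15533:0:99999:7:::
nobody:!:15533:0:99999:7:::
[...]
"""

SAMPLE_SUDOERS = """\
# User privilege specification
root ALL=(ALL) ALL
debug-admin ALL=(ALL) ALL

# Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
"""


def usable_accounts(shadow_text):
    """Map each account that can authenticate by password to its hash scheme."""
    accounts = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or not fields[0] or fields[0].startswith("#"):
            continue
        user, pw = fields[0], fields[1]
        if pw.startswith(("*", "!")):        # locked: no password login possible
            continue
        if pw == "":
            accounts[user] = "empty"         # account logs in without a password
        elif pw.startswith("$"):
            accounts[user] = SCHEMES.get(pw.split("$")[1], "unknown")
        else:
            accounts[user] = "des-crypt"     # traditional 13-character hash
    return accounts


def full_sudo_principals(sudoers_text):
    """Return users/groups that an active (uncommented) rule grants ALL=(ALL) ALL."""
    principals = set()
    for line in sudoers_text.splitlines():
        rule = line.split("#", 1)[0].strip()  # commented rules grant nothing
        match = FULL_SUDO.match(rule)
        if match:
            principals.add(match.group(1))
    return principals


def audit(shadow_text, sudoers_text):
    """List password-capable accounts with hash strength and sudo exposure."""
    sudo = full_sudo_principals(sudoers_text)
    return [{"user": user, "scheme": scheme,
             "weak_hash": scheme in WEAK, "full_sudo": user in sudo}
            for user, scheme in sorted(usable_accounts(shadow_text).items())]


if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW, SAMPLE_SUDOERS):
        print(finding)
```

Group rules such as %wheel are reported by name only; resolving group membership would additionally need the image's 'group' file.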

python cve-2015-7547-poc.py &

[1] 961

chroot /medusa_rootfs/ bin/ash

BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)

gdb cve-2015-7547_glibc_getaddrinfo

[...]
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:41782
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
Cannot access memory at address 0x4

Program received signal SIGSEGV, Segmentation fault.

ls "pressing "

test ]55;test.txt


4) Multiple Vulnerabilities - IoT Inspector Report
Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot

The summary is below:

IoT Inspector Vulnerability #1 BusyBox CVE entries
Outdated BusyBox version is affected by 7 published CVEs.

IoT Inspector Vulnerability #2 curl CVE entries
Outdated curl version is affected by 35 published CVEs.

IoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation “pp_key”
Outdated Linux Kernel version is affected by CVE-2015-7547.

IoT Inspector Vulnerability #10 OpenSSL CVE entries
Outdated OpenSSL version affected by 6 published CVEs.

Clarification which of the reported issues will be fixed. The vendor added the RV160 and RV260 router series to be vulnerable to the same issues too.

Solution:

Upgrade to the newest available firmware version.

Additionally, the vendor provides the following security notice: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter

Workaround:

None. Weber / @2019


Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05128937
Version: 1

HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-05-11
Last Updated: 2016-05-11

Potential Security Impact: Remote Arbitrary Code Execution, Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY

HPE 3PAR OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library.

References:

  • CVE-2015-7547
  • PSRT110105

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE 3PAR OS versions 3.1.3 and later, prior to 3.2.1 MU5 and 3.2.2 MU2 using glibc

BACKGROUND

CVSS 2.0 Base Metrics

  Reference       Base Vector                     Base Score
  CVE-2015-7547   (AV:N/AC:M/Au:N/C:P/I:P/A:P)    6.8
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HPE has provided the following software updates and mitigation information to resolve the vulnerability in 3PAR OS using glibc.

  • 3PAR OS 3.2.1 MU5 and 3.2.2 MU2

    • HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU 5 or 3.2.2 MU2.
    • glibc has been updated in these releases to resolve the glibc vulnerability.
  • 3PAR OS 3.1.3 is also vulnerable but will not be fixed.

    Mitigation: The best protection to guard against exploitation of this vulnerability is to securely configure and operate the storage array in accordance with the HPE 3PAR Configuration Guidelines documentation. Please contact HPE Technical Support for assistance.

HISTORY
Version:1 (rev.1) - 11 May 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201602-02


https://security.gentoo.org/

Severity: High
Title: GNU C Library: Multiple vulnerabilities
Date: February 17, 2016
Bugs: #516884, #517082, #521932, #529982, #532874, #538090, #538814, #540070, #541246, #541542, #547296, #552692, #574880
ID: 201602-02


Synopsis

Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

  1  sys-libs/glibc          < 2.21-r2                   >= 2.21-r2

Description

Multiple vulnerabilities have been discovered in the GNU C Library:

  • The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547).
  • The strftime() function accesses invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776).
  • An integer overflow was found in the __hcreate_r() function (CVE-2015-8778).
  • Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779).

Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information.

Workaround

A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.

Resolution

All GNU C Library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"

It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package.

Note: Should you run into compilation failures while updating, please see bug 574948.

References

[ 1 ] CVE-2013-7423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423
[ 2 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 3 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 4 ] CVE-2014-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119
[ 5 ] CVE-2014-6040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040
[ 6 ] CVE-2014-7817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817
[ 7 ] CVE-2014-8121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121
[ 8 ] CVE-2014-9402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402
[ 9 ] CVE-2015-1472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472
[ 10 ] CVE-2015-1781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781
[ 11 ] CVE-2015-7547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547
[ 12 ] CVE-2015-8776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776
[ 13 ] CVE-2015-8778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778
[ 14 ] CVE-2015-8779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779
[ 15 ] Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow" https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201602-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

SEC Consult Vulnerability Lab Security Advisory < 20210901-0 >
=======================================================================
              title: Multiple vulnerabilities
            product: see "Vulnerable / tested versions"
 vulnerable version: see "Vulnerable / tested versions"
      fixed version: see "Solution"
         CVE number: CVE-2021-39278, CVE-2021-39279
             impact: High
           homepage: https://www.moxa.com/
              found: 2020-08-31
                 by: T. Weber (Office Vienna)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult, an Atos company
                     Europe | Asia | North America

                     https://www.sec-consult.com

=======================================================================

Vendor description:

"Together, We Create Change

Moxa is committed to making a positive impact around the world. We put our all behind this commitment--from our employees, to our products and supply chain.

In our local communities, we nurture and support the spirit of volunteering. We encourage our employees to contribute to community development, with an emphasis on ecology, education, and health.

In our products, we invest in social awareness programs and environment-friendly policies at every stage of the product lifecycle. We make sure our manufacturing meets the highest standards with regards to quality, ethics, and sustainability."

Source: https://www.moxa.com/en/about-us/corporate-responsibility

Business recommendation:

SEC Consult recommends to immediately apply the available patches from the vendor. A thorough security review should be performed by security professionals to identify further potential security issues.

Vulnerability overview/description:

1) Authenticated Command Injection (CVE-2021-39279)
An authenticated command injection vulnerability can be triggered by issuing a GET request to the "/forms/web_importTFTP" CGI program which is available on the web interface. An attacker can abuse this vulnerability to compromise the operating system of the device. This issue was found by emulating the firmware of the device.

2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)
Via a crafted config-file, a reflected cross-site scripting vulnerability can be exploited in the context of the victim's browser. This config-file can be uploaded to the device via the "Config Import Export" tab in the main menu.

3) Known GNU glibc Vulnerabilities (CVE-2015-0235)
The used GNU glibc in version 2.9 is outdated and contains multiple known vulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235, gethostbyname "GHOST" buffer overflow) was verified by using the MEDUSA scalable firmware runtime.

4) Multiple Outdated Software Components
Multiple outdated software components containing vulnerabilities were found by the IoT Inspector.

The vulnerabilities 1), 2) and 3) were manually verified on an emulated device by using the MEDUSA scalable firmware runtime.

Proof of concept:

1) Authenticated Command Injection (CVE-2021-39279)
The vulnerability can be triggered by navigating in the web interface to the tab:

"Main Menu"->"Maintenance"->"Config Import Export"

The "TFTP Import" menu is prone to command injection via all parameters. To exploit the vulnerability, an IP address, a configuration path and a filename must be set. If the filename is used to trigger the exploit, the payload in the interceptor proxy would be:

http://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|ping localhost -c 100

2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)
The vulnerability can be triggered by navigating in the web interface to the tab:

"Main Menu"->"Maintenance"->"Config Import Export"

The "Config Import" menu is prone to reflected cross-site scripting via the upload of config files. Example of malicious config file:


[board]
deviceName="WAC-2004_0000"
deviceLocation=""
[..]


Uploading such a crafted file triggers cross-site scripting as the erroneous value is displayed without filtering characters.

3) Known GNU glibc Vulnerabilities (CVE-2015-0235)
GNU glibc version 2.9 contains multiple CVEs like: CVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more.

The gethostbyname buffer overflow vulnerability (GHOST) was checked with the help of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled and executed on the emulated device to test the system.

4) Multiple Outdated Software Components
The IoT Inspector recognized multiple outdated software components with known vulnerabilities:

BusyBox         1.18.5     06/2011
Dropbear SSH    2011.54    11/2011
GNU glibc       2.9        02/2009
Linux Kernel    2.6.27     10/2008
OpenSSL         0.9.7g     04/2005
Only found in the program "iw_director"
OpenSSL         1.0.0      03/2010

Vulnerable / tested versions:

The following firmware versions for various devices have been identified to be vulnerable:
* WAC-2004 / 1.7
* WAC-1001 / 2.1
* WAC-1001-T / 2.1
* OnCell G3470A-LTE-EU / 1.7
* OnCell G3470A-LTE-EU-T / 1.7
* TAP-323-EU-CT-T / 1.3
* TAP-323-US-CT-T / 1.3
* TAP-323-JP-CT-T / 1.3
* WDR-3124A-EU / 2.3
* WDR-3124A-EU-T / 2.3
* WDR-3124A-US / 2.3
* WDR-3124A-US-T / 2.3

Vendor contact timeline:

2020-10-09: Contacting vendor through moxa.csrt@moxa.com.
2020-10-12: Contact sends PGP key for encrypted communication and asks for the detailed advisory. Sent encrypted advisory to vendor.
2020-11-06: Status update from vendor regarding technical analysis. Vendor requested more time for fixing the vulnerabilities as more products are affected.
2020-11-09: Granted more time for fixing to vendor.
2020-11-10: Vendor asked for next steps regarding the advisory publication.
2020-11-11: Asked vendor for an estimation when a public disclosure is possible.
2020-11-16: Vendor responded that the product team can give a rough feedback.
2020-11-25: Asked for a status update.
2020-11-25: Vendor responded that the investigation is not done yet.
2020-12-14: Vendor provided a list of potential affected devices and stated that full investigation may take until January 2021 due to the list of CVEs that were provided with the appended IoT Inspector report. The patches may be available until June 2021.
2020-12-15: Shifted next status update round with vendor on May 2021.
2020-12-23: Vendor provided full list of affected devices.
2021-02-05: Vendor sieved out the found issues from 4) manually and provided a full list of confirmed vulnerabilities. WAC-2004 phased-out in 2019.
2021-02-21: Confirmed receive of vulnerabilities, next status update in May 2021.
2021-06-10: Asking for an update.
2021-06-15: Vendor stated, that the update will be provided in the next days.
2021-06-21: Vendor will give an update in the next week as Covid gets worse in Taiwan.
2021-06-23: Vendor stated, that patches are under development. Vendor needs more time to finish the patches.
2021-06-24: Set release date to 2021-09-01.
2021-07-02: Vendor provides status updates.
2021-08-16: Vendor provides status updates.
2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out.
2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers.
2021-08-31: Vendor provides fixed firmware version numbers and the advisory links.
2021-09-01: Coordinated release of security advisory.

Solution:

According to the vendor the following patches must be applied to fix issues:
* WAC-1001 / 2.1.5
* WAC-1001-T / 2.1.5
* OnCell G3470A-LTE-EU / 1.7.4
* OnCell G3470A-LTE-EU-T / 1.7.4
* TAP-323-EU-CT-T / 1.8.1
* TAP-323-US-CT-T / 1.8.1
* TAP-323-JP-CT-T / 1.8.1

The Moxa Technical Support must be contacted for requesting the security patches.

The corresponding security advisories for the affected devices are available on the vendor's website:
TAP-323/WAC-1001/WAC-2004
https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities
OnCell G3470A-LTE/WDR-3124A
https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities

The following device models are EOL and should be replaced:
* WAC-2004
* WDR-3124A-EU
* WDR-3124A-EU-T
* WDR-3124A-US
* WDR-3124A-US-T

Workaround:

None.

Advisory URL:

https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult, an Atos company Europe | Asia | North America

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF Thomas Weber / @2021



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0004",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 2.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.11.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.21"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.14.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.16"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.18"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.22"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.11"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.19"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.20"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "gnu",
        "version": "2.10.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "unified threat management software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "9.319"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "enterprise linux hpc node eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2.1.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.14"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "1.1.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.10"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.12.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.12.2"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.15"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "helion openstack",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2.0.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.11.3"
      },
      {
        "model": "unified threat management software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sophos",
        "version": "9.355"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "fujitsu m10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "linux enterprise debuginfo",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.11.2"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.17"
      },
      {
        "model": "linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.9"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.12"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.13"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "android open source",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "arista",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "blue coat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "centos",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "debian gnu linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gnu glibc",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "gentoo linux",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "ubuntu",
        "version": null
      },
      {
        "model": "glibc",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "gnu",
        "version": "2.9"
      },
      {
        "model": "ape",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "basic rt",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "rox ii os",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.3.0\u003c=v2.9.0"
      },
      {
        "model": "scalance m-800 s615",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "/"
      },
      {
        "model": "sinema remote connect",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v1.2"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "T. Weber",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2015-7547",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2015-7547",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "NOT DEFINED",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 8.1,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-7547",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "TEMPORARY FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "HIGH",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-01100",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-85508",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2015-7547",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7547",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7547",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01100",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-348",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85508",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. \n\n  - HP StoreVirtual VSA Software 12.6\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 
4330 1TB MDL SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6\n  - HP StoreVirtual 4335 Hybrid Storage 12.6\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4130 600GB China SAS Storage 12.6\n  - HP StoreVirtual 4130 600GB SAS Storage 12.6\n  - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6\n  - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4330 450GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 450GB SAS Storage 12.6\n  - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4330 900GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 900GB SAS Storage 12.6\n  - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6\n  - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6\n  - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6\n  - HP StoreVirtual 4335 China Hybrid Storage 12.6\n  - HP StoreVirtual 4335 Hybrid SAN Solution 12.6\n  - HP StoreVirtual 4335 Hybrid Storage 12.6\n  - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4530 450GB SAS Storage 12.6\n  - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6\n  - HP StoreVirtual 4530 600GB SAS Storage 12.6\n  - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4630 900GB SAS Storage 12.6\n  - HP StoreVirtual 4730 600GB SAS Storage 12.6\n  - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4730 900GB SAS Storage 12.6\n  - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6\n  - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, 
CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-7547\n      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\n      https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates available to resolve the\nvulnerability with glibc for all of the impacted HPE StoreVirtual products. \n\n  - LeftHand OS 12.6 - patch 56001\n  - LeftHand OS 12.5 - patch 55015\n\n  **Notes:**\n\n  - These patches will upgrade glibc to 2.12-1.166 to resolve this issue. ============================================================================\nUbuntu Security Notice USN-2900-1\nFebruary 16, 2016\n\neglibc, glibc vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nGNU C Library could be made to crash or run programs if it received\nspecially crafted network traffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libc6                           2.21-0ubuntu4.1\n\nUbuntu 14.04 LTS:\n  libc6                           2.19-0ubuntu6.7\n\nUbuntu 12.04 LTS:\n  libc6                           2.15-0ubuntu10.13\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2900-1\n  CVE-2015-7547\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1\n  https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7\n  https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13\n. 
\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.17-i486-11_slack14.1.txz:  Rebuilt. \n  This update provides a patch to fix the stack-based buffer overflow in\n  libresolv that could allow specially crafted DNS responses to seize\n  control of execution flow in the DNS client (CVE-2015-7547).  However,\n  due to a patch applied to Slackware\u0027s glibc back in 2009 (don\u0027t use the\n  gethostbyname4() lookup method as it was causing some cheap routers to\n  misbehave), we were not vulnerable to that issue.  Nevertheless it seems\n  prudent to patch the overflows anyway even if we\u0027re not currently using\n  the code in question.  Thanks to mancha for the backported patch. \n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547\n  (* Security fix *)\npatches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz:  Rebuilt. \npatches/packages/glibc-profile-2.17-i486-11_slack14.1.txz:  Rebuilt. \npatches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz:  Rebuilt. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. 
\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-11_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-11_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-11_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.23-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.23-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.23-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.23-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.1 packages:\n4c56432d638adc8098661cfa818b5bc9  
glibc-2.17-i486-11_slack14.1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\nWeber, S. Cisco Small\nBusiness RV Series Routers offer virtual private networking (VPN) technology\nso your remote workers can connect to your network through a secure Internet\npathway.\"\n\nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html\n\n\nBusiness recommendation:\n------------------------\nWe want to thank Cisco for the very quick and professional response and great\ncoordination. Customers are urged to update the firmware of their devices. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Hardcoded Credentials\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH on an emulated device at least. \n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. The outdated version was found by IoT Inspector. \n\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\n\nProof of concept:\n-----------------\n1) Hardcoded Credentials\nThe following hardcoded hashes were found in the \u0027shadow\u0027 file of the firmware:\nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::\ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::\n[...]\n\nThe undocumented user \u0027debug-admin\u0027 is also contained in this file. 
\n\nStarting the dropbear daemon as background process on emulated firmware:\n-------------------------------------------------------------------------------\n# dropbear -E\n# [1109] \u003ctimestamp\u003e Running in background\n#\n# [1112] \u003ctimestamp\u003e Child connection from \u003cIP\u003e:52718\n[1112] \u003ctimestamp\u003e /var must be owned by user or root, and not writable by others\n[1112] \u003ctimestamp\u003e Password auth succeeded for \u0027debug-admin\u0027 from \u003cIP\u003e:52718\n-------------------------------------------------------------------------------\n\nLog on via another host connected to the same network. For this PoC the\npassword of the debug-admin was changed in the \u0027shadow\u0027 file. \n-------------------------------------------------------------------------------\n[root@localhost medusa]# ssh debug-admin@\u003cIP\u003e /bin/ash -i\ndebug-admin@\u003cIP\u003e\u0027s password:\n/bin/ash: can\u0027t access tty; job control turned off\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n/tmp $\n-------------------------------------------------------------------------------\n\nThe \u0027debug-admin\u0027 user has the same privileges like \u0027root\u0027. This can be\ndetermined from the corresponding sudoers file in the firmware:\n[...]\n## User privilege specification\n##\nroot ALL=(ALL) ALL\ndebug-admin ALL=(ALL) ALL\n\n## Uncomment to allow members of group wheel to execute any command\n# %wheel ALL=(ALL) ALL\n[...]\n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. 
\n\n# python cve-2015-7547-poc.py \u0026\n[1] 961\n# chroot /medusa_rootfs/ bin/ash\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n# gdb cve-2015-7547_glibc_getaddrinfo\n[...]\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:41782\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nCannot access memory at address 0x4\n\nProgram received signal SIGSEGV, Segmentation fault. \n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\nThe summary is below:\nIoT Inspector Vulnerability #1 BusyBox CVE entries\nOutdated BusyBox version is affected by 7 published CVEs. \n\nIoT Inspector Vulnerability #2 curl CVE entries\nOutdated curl version is affected by 35 published CVEs. \n\nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d\nOutdated Linux Kernel version is affected by CVE-2015-7547. \n\nIoT Inspector Vulnerability #10 OpenSSL CVE entries\nOutdated OpenSSL  version affected by 6 published CVEs. \n            Clarification which of the reported issues will be fixed. The vendor added the RV160 and RV260\n            router series to be vulnerable to the same issues too. \n\n\nSolution:\n---------\nUpgrade to the newest available firmware version. \n\nAdditionally, the vendor provides the following security notice:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter\n\n\nWorkaround:\n-----------\nNone. Weber / @2019\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05128937\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05128937\nVersion: 1\n\nHPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS),\nArbitrary Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-05-11\nLast Updated: 2016-05-11\n\nPotential Security Impact: Remote Arbitrary Code Execution, Denial of Service\n(DoS)\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nHPE 3PAR OS has addressed stack based buffer overflows in glibc\u0027s\nimplementation of getaddrinfo(). This vulnerability could be remotely\nexploited to cause Denial of Service (DoS) or allow execution of arbitrary\ncode on the host with the permissions of a user running glibc library. \n\nReferences:\n\n  - CVE-2015-7547\n  - PSRT110105\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHPE 3PAR OS versions 3.1.3 and later, prior to 3.2.1 MU5 and 3.2.2 MU2 using\nglibc\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-7547    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided the following software updates and mitigation information to\nresolve the vulnerability in 3PAR OS using glibc. \n\n+ 3PAR OS 3.2.1 MU5 and 3.2.2 MU2\n\n    - HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU 5 or\n3.2.2 MU2. \n    - glibc has been updated in these releases to resolve the glibc\nvulnerability. 
\n\n+ 3PAR OS 3.1.3 is also vulnerable but will not be fixed. \n\n    **Mitigation:** The best protection to guard against exploitation of this\nvulnerability is to securely configure and operate the storage array in\naccordance with the *HPE 3PAR Configuration Guidelines* documentation. Please\ncontact HPE Technical Support for assistance. \n\nHISTORY\nVersion:1 (rev.1) - 11 May 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. 
To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201602-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: GNU C Library: Multiple vulnerabilities\n     Date: February 17, 2016\n     Bugs: #516884, #517082, #521932, #529982, #532874, #538090,\n           #538814, #540070, #541246, #541542, #547296, #552692, #574880\n       ID: 201602-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the GNU C library, the\nworst allowing for remote execution of arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  sys-libs/glibc              \u003c 2.21-r2                 \u003e= 2.21-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n* The Google Security Team and Red Hat discovered a stack-based buffer\n  overflow in the send_dg() and send_vc() functions due to a buffer\n  mismanagement when getaddrinfo() is called with AF_UNSPEC\n  (CVE-2015-7547). \n* The strftime() function access invalid memory when passed\n  out-of-range data, resulting in a crash (CVE-2015-8776). \n* An integer overflow was found in the __hcreate_r() function\n  (CVE-2015-8778). \n* Multiple unbounded stack allocations were found in the catopen()\n  function (CVE-2015-8779). 
\n\nPlease review the CVEs referenced below for additional vulnerabilities\nthat had already been fixed in previous versions of sys-libs/glibc, for\nwhich we have not issued a GLSA before. The other vulnerabilities can possibly be\nexploited to cause a Denial of Service or leak information. \n\nWorkaround\n==========\n\nA number of mitigating factors for CVE-2015-7547 have been identified. \nPlease review the upstream advisory and references below. \n\nResolution\n==========\n\nAll GNU C Library users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.21-r2\"\n\nIt is important to ensure that no running process uses the old glibc\nanymore. The easiest way to achieve that is by rebooting the machine\nafter updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please\nsee bug 574948. \n\nReferences\n==========\n\n[  1 ] CVE-2013-7423\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423\n[  2 ] CVE-2014-0475\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[  3 ] CVE-2014-0475\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475\n[  4 ] CVE-2014-5119\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119\n[  5 ] CVE-2014-6040\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040\n[  6 ] CVE-2014-7817\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817\n[  7 ] CVE-2014-8121\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121\n[  8 ] CVE-2014-9402\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402\n[  9 ] CVE-2015-1472\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472\n[ 10 ] CVE-2015-1781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781\n[ 11 ] CVE-2015-7547\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547\n[ 12 ] CVE-2015-8776\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776\n[ 13 ] CVE-2015-8778\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778\n[ 14 ] 
CVE-2015-8779\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779\n[ 15 ] Google Online Security Blog: \"CVE-2015-7547: glibc getaddrinfo\n       stack-based buffer overflow\"\n\nhttps://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201602-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. SEC Consult Vulnerability Lab Security Advisory \u003c 20210901-0 \u003e\n=======================================================================\n               title: Multiple vulnerabilities\n             product: see \"Vulnerable / tested versions\"\n  vulnerable version: see \"Vulnerable / tested versions\"\n       fixed version: see \"Solution\"\n          CVE number: CVE-2021-39278, CVE-2021-39279\n              impact: High\n            homepage: https://www.moxa.com/\n               found: 2020-08-31\n                  by: T. 
Weber (Office Vienna)\n                      SEC Consult Vulnerability Lab\n\n                      An integrated part of SEC Consult, an Atos company\n                      Europe | Asia | North America\n\n                      https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Together, We Create Change\n\nMoxa is committed to making a positive impact around the world. We put our all\nbehind this commitment--from our employees, to our products and supply chain. \n\nIn our local communities, we nurture and support the spirit of volunteering. \nWe encourage our employees to contribute to community development, with an\nemphasis on ecology, education, and health. \n\nIn our products, we invest in social awareness programs and\nenvironment-friendly policies at every stage of the product lifecycle. We make\nsure our manufacturing meets the highest standards with regards to quality,\nethics, and sustainability.\"\n\nSource: https://www.moxa.com/en/about-us/corporate-responsibility\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends to immediately apply the available patches\nfrom the vendor. A thorough security review should be performed by\nsecurity professionals to identify further potential security issues. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Authenticated Command Injection (CVE-2021-39279)\nAn authenticated command injection vulnerability can be triggered by issuing a\nGET request to the \"/forms/web_importTFTP\" CGI program which is available on\nthe web interface. An attacker can abuse this vulnerability to compromise the\noperating system of the device. This issue was found by emulating the firmware\nof the device. 
\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nVia a crafted config-file, a reflected cross-site scripting vulnerability can\nbe exploited in the context of the victim\u0027s browser. This config-file can be\nuploaded to the device via the \"Config Import Export\" tab in the main menu. \n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nThe used GNU glibc in version 2.9 is outdated and contains multiple known\nvulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235,\ngethostbyname \"GHOST\" buffer overflow) was verified by using the MEDUSA\nscalable firmware runtime. \n\n4) Multiple Outdated Software Components\nMultiple outdated software components containing vulnerabilities were found by\nthe IoT Inspector. \n\nThe vulnerabilities 1), 2) and 3) were manually verified on an emulated device\nby using the MEDUSA scalable firmware runtime. \n\nProof of concept:\n-----------------\n1) Authenticated Command Injection (CVE-2021-39279)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"-\u003e\"Maintenance\"-\u003e\"Config Import Export\"\n\nThe \"TFTP Import\" menu is prone to command injection via all parameters. To\nexploit the vulnerability, an IP address, a configuration path and a filename\nmust be set. \nIf the filename is used to trigger the exploit, the payload in the interceptor\nproxy would be:\n\nhttp://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1\u0026configPath=/\u0026fileName=name|`ping localhost -c 100`\n\n\n2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278)\nThe vulnerability can be triggered by navigating in the web interface to the\ntab:\n\n\"Main Menu\"-\u003e\"Maintenance\"-\u003e\"Config Import Export\"\n\nThe \"Config Import\" menu is prone to reflected cross-site scripting via the\nupload of config files. 
Example of malicious config file:\n-------------------------------------------------------------------------------\n[board]\ndeviceName=\"WAC-2004_0000\u003c/span\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\"\ndeviceLocation=\"\"\n[..]\n-------------------------------------------------------------------------------\nUploading such a crafted file triggers cross-site scripting as the erroneous\nvalue is displayed without filtering characters. \n\n\n3) Known GNU glibc Vulnerabilities (CVE-2015-0235)\nGNU glibc version 2.9 contains multiple CVEs like:\nCVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more. \n\nThe gethostbyname buffer overflow vulnerability (GHOST) was checked with the\nhelp of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was\ncompiled and executed on the emulated device to test the system. \n\n\n4) Multiple Outdated Software Components\nThe IoT Inspector recognized multiple outdated software components with known\nvulnerabilities:\n\nBusyBox         1.18.5   06/2011\nDropbear SSH    2011.54  11/2011\nGNU glibc       2.9      02/2009\nLinux Kernel    2.6.27   10/2008\nOpenSSL         0.9.7g   04/2005\nOnly found in the program \"iw_director\"\nOpenSSL         1.0.0    03/2010\n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions for various devices have been identified\nto be vulnerable:\n* WAC-2004               / 1.7\n* WAC-1001               / 2.1\n* WAC-1001-T             / 2.1\n* OnCell G3470A-LTE-EU   / 1.7\n* OnCell G3470A-LTE-EU-T / 1.7\n* TAP-323-EU-CT-T        / 1.3\n* TAP-323-US-CT-T        / 1.3\n* TAP-323-JP-CT-T        / 1.3\n* WDR-3124A-EU           / 2.3\n* WDR-3124A-EU-T         / 2.3\n* WDR-3124A-US           / 2.3\n* WDR-3124A-US-T         / 2.3\n\n\nVendor contact timeline:\n------------------------\n2020-10-09: Contacting vendor through moxa.csrt@moxa.com. 
\n2020-10-12: Contact sends PGP key for encrypted communication and asks for the\n             detailed advisory. Sent encrypted advisory to vendor. \n2020-11-06: Status update from vendor regarding technical analysis. Vendor\n             requested more time for fixing the vulnerabilities as more products\n             are affected. \n2020-11-09: Granted more time for fixing to vendor. \n2020-11-10: Vendor asked for next steps regarding the advisory publication. \n2020-11-11: Asked vendor for an estimation when a public disclosure is possible. \n2020-11-16: Vendor responded that the product team can give a rough feedback. \n2020-11-25: Asked for a status update. \n2020-11-25: Vendor responded that the investigation is not done yet. \n2020-12-14: Vendor provided a list of potential affected devices and stated\n             that full investigation may take until January 2021 due to the list\n             of CVEs that were provided with the appended IoT Inspector report. \n             The patches may be available until June 2021. \n2020-12-15: Shifted next status update round with vendor on May 2021. \n2020-12-23: Vendor provided full list of affected devices. \n2021-02-05: Vendor sieved out the found issues from 4) manually and provided a\n             full list of confirmed vulnerabilities. WAC-2004 phased-out in\n             2019. \n2021-02-21: Confirmed receive of vulnerabilities, next status update in May\n             2021. \n2021-06-10: Asking for an update. \n2021-06-15: Vendor stated, that the update will be provided in the next days. \n2021-06-21: Vendor will give an update in the next week as Covid gets worse in\n             Taiwan. \n2021-06-23: Vendor stated, that patches are under development. Vendor needs more\n             time to finish the patches. \n2021-06-24: Set release date to 2021-09-01. \n2021-07-02: Vendor provides status updates. \n2021-08-16: Vendor provides status updates. 
\n2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. \n2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. \n2021-08-31: Vendor provides fixed firmware version numbers and the advisory\n             links. \n2021-09-01: Coordinated release of security advisory. \n\nSolution:\n---------\nAccording to the vendor the following patches must be applied to fix issues:\n* WAC-1001               / 2.1.5\n* WAC-1001-T             / 2.1.5\n* OnCell G3470A-LTE-EU   / 1.7.4\n* OnCell G3470A-LTE-EU-T / 1.7.4\n* TAP-323-EU-CT-T        / 1.8.1\n* TAP-323-US-CT-T        / 1.8.1\n* TAP-323-JP-CT-T        / 1.8.1\n\nThe Moxa Technical Support must be contacted for requesting the security\npatches. \n\nThe corresponding security advisories for the affected devices are available on\nthe vendor\u0027s website:\nTAP-323/WAC-1001/WAC-2004\nhttps://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities\nOnCell G3470A-LTE/WDR-3124A\nhttps://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities\n\nThe following device models are EOL and should be replaced:\n* WAC-2004\n* WDR-3124A-EU\n* WDR-3124A-EU-T\n* WDR-3124A-US\n* WDR-3124A-US-T\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://sec-consult.com/vulnerability-lab/\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult, an Atos company\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an\nAtos company. It ensures the continued knowledge gain of SEC Consult in the\nfield of network and application security to stay ahead of the attacker. 
The\nSEC Consult Vulnerability Lab supports high-quality penetration testing and\nthe evaluation of new offensive and defensive technologies for our customers. \nHence our customers obtain the most current information about vulnerabilities\nand valid recommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://sec-consult.com/career/\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://sec-consult.com/contact/\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF Thomas Weber / @2021\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      },
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "PACKETSTORM",
        "id": "138068"
      },
      {
        "db": "PACKETSTORM",
        "id": "140605"
      },
      {
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "db": "PACKETSTORM",
        "id": "135911"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "136048"
      },
      {
        "db": "PACKETSTORM",
        "id": "136976"
      },
      {
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      }
    ],
    "trust": 3.15
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/457759",
        "trust": 0.8,
        "type": "poc"
      },
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-85508",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7547",
        "trust": 4.1
      },
      {
        "db": "CERT/CC",
        "id": "VU#457759",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "83265",
        "trust": 2.3
      },
      {
        "db": "PACKETSTORM",
        "id": "164014",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "154361",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39454",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40339",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10150",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167552",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "135802",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1035020",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40161",
        "trust": 1.7
      },
      {
        "db": "TENABLE",
        "id": "TRA-2017-08",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-103-01",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348",
        "trust": 0.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-301706",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2022060049",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "138068",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "136976",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "135911",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "135801",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "136048",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "136808",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135971",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137497",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135856",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136988",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136881",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135853",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137351",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137112",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136325",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136985",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135800",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "138601",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-90749",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140605",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135810",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "PACKETSTORM",
        "id": "138068"
      },
      {
        "db": "PACKETSTORM",
        "id": "140605"
      },
      {
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "db": "PACKETSTORM",
        "id": "135911"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "136048"
      },
      {
        "db": "PACKETSTORM",
        "id": "136976"
      },
      {
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "id": "VAR-201602-0004",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      }
    ],
    "trust": 0.8356060666666666
  },
  "last_update_date": "2024-09-19T20:20:45.196000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/71529"
      },
      {
        "title": "glibc Fixes for stack-based buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=60267"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.9,
        "url": "https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html"
      },
      {
        "trust": 2.5,
        "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=18665"
      },
      {
        "trust": 2.5,
        "url": "https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
      },
      {
        "trust": 2.5,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17"
      },
      {
        "trust": 2.5,
        "url": "https://bto.bluecoat.com/security-advisory/sa114"
      },
      {
        "trust": 2.5,
        "url": "http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201602-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1035020"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/sep/7"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/bugtraq/2019/sep/7"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2021/sep/0"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2022/jun/36"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/39454/"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/40339/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/83265"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3480"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2016/dsa-3481"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0175.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0176.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0225.html"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-0277.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html"
      },
      {
        "trust": 1.7,
        "url": "http://ubuntu.com/usn/usn-2900-1"
      },
      {
        "trust": 1.7,
        "url": "https://www.kb.cert.org/vuls/id/457759"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.citrix.com/article/ctx206991"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vmware.com/security/advisories/vmsa-2016-0002.html"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/articles/2161461"
      },
      {
        "trust": 1.7,
        "url": "https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/"
      },
      {
        "trust": 1.7,
        "url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293532"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
      },
      {
        "trust": 1.7,
        "url": "https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-103-01"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20160217-0002/"
      },
      {
        "trust": 1.7,
        "url": "https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/product_security/len_5450"
      },
      {
        "trust": 1.7,
        "url": "https://www.tenable.com/security/research/tra-2017-08"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=145672440608228\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=145596041017029\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=145857691004892\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=146161017210491\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=145690841819314\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10150"
      },
      {
        "trust": 1.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-7547"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.8,
        "url": "https://sourceware.org/glibc/wiki/glibc%20timeline"
      },
      {
        "trust": 0.8,
        "url": "https://www.centos.org/forums/viewtopic.php?t=56467"
      },
      {
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160218-glibc"
      },
      {
        "trust": 0.8,
        "url": "https://lists.debian.org/debian-lts-announce/2016/02/msg00009.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/usn-2900-1/"
      },
      {
        "trust": 0.8,
        "url": "http://forums.juniper.net/t5/security-incident-response/glibc-getaddrinfo-stack-based-buffer-overflow-cve-2015-7547/ba-p/288261"
      },
      {
        "trust": 0.6,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
      },
      {
        "trust": 0.6,
        "url": "https://isc.sans.edu/diary/cve-2015-7547"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:0225"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:0277"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:0176"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2016:0175"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160304-01-glibc-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2022060049"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
      },
      {
        "trust": 0.2,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
      },
      {
        "trust": 0.2,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
      },
      {
        "trust": 0.2,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7423"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4877"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6420"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.13"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2900-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.7"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fjserna/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://r.sec-consult.com/ciscoiot"
      },
      {
        "trust": 0.1,
        "url": "https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fjserna/cve-2015-7547."
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/career/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-sb-vpnrouter"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000366"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20679"
      },
      {
        "trust": 0.1,
        "url": "https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5747"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/contact/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16"
      },
      {
        "trust": 0.1,
        "url": "https://helion.hpwsportal.com"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/installation/upgrade20_to_212.html"
      },
      {
        "trust": 0.1,
        "url": "http://docs.hpcloud.com/#helion/installation/upgrade_to_212.html"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9402"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta="
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7817"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8121"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6040"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8778"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0475"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1781"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8776"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7817"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5119"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8121"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6040"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8776"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7423"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5119"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0475"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1472"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39278"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0235"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/about-us/corporate-responsibility"
      },
      {
        "trust": 0.1,
        "url": "https://seclists.org/oss-sec/2015/q1/274."
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/vulnerability-lab/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1234"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-39279"
      },
      {
        "trust": 0.1,
        "url": "https://www.moxa.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1914"
      },
      {
        "trust": 0.1,
        "url": "https://sec-consult.com/career/"
      },
      {
        "trust": 0.1,
        "url": "http://192.168.1.1/forms/web_importtftp?servip=192.168.1.1\u0026configpath=/\u0026filename=name|`ping"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "PACKETSTORM",
        "id": "138068"
      },
      {
        "db": "PACKETSTORM",
        "id": "140605"
      },
      {
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "db": "PACKETSTORM",
        "id": "135911"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "136048"
      },
      {
        "db": "PACKETSTORM",
        "id": "136976"
      },
      {
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "db": "PACKETSTORM",
        "id": "138068"
      },
      {
        "db": "PACKETSTORM",
        "id": "140605"
      },
      {
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "db": "PACKETSTORM",
        "id": "135911"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "136048"
      },
      {
        "db": "PACKETSTORM",
        "id": "136976"
      },
      {
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "date": "2016-07-27T14:25:21",
        "db": "PACKETSTORM",
        "id": "138068"
      },
      {
        "date": "2017-01-19T13:56:50",
        "db": "PACKETSTORM",
        "id": "140605"
      },
      {
        "date": "2016-02-17T01:01:26",
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "date": "2016-02-24T23:59:59",
        "db": "PACKETSTORM",
        "id": "135911"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2019-09-04T18:32:22",
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "date": "2016-03-03T00:54:17",
        "db": "PACKETSTORM",
        "id": "136048"
      },
      {
        "date": "2016-05-12T16:07:19",
        "db": "PACKETSTORM",
        "id": "136976"
      },
      {
        "date": "2016-02-17T23:53:39",
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "date": "2021-09-01T15:42:52",
        "db": "PACKETSTORM",
        "id": "164014"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "date": "2016-02-18T21:59:00.120000",
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#457759"
      },
      {
        "date": "2016-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01100"
      },
      {
        "date": "2023-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85508"
      },
      {
        "date": "2023-04-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      },
      {
        "date": "2023-02-12T23:15:36.457000",
        "db": "NVD",
        "id": "CVE-2015-7547"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135801"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "135810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "glibc vulnerable to stack buffer overflow in DNS resolver",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#457759"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-348"
      }
    ],
    "trust": 0.6
  }
}

