• Welcome to InfoExpress Support Forums. Please login or sign up.
 
June 25, 2021, 06:39:05 AM

News:

Please register to gain access to the private support forums.


InfoExpress Products Not Vulnerable to CVE-2015-7547

Started by Zeeshan, February 17, 2016, 04:14:05 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Zeeshan

Overview

Recently, a security flaw was uncovered in glibc in Linux. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

Details on the vulnerability can be obtained here
https://access.redhat.com/articles/2161461
https://access.redhat.com/security/cve/cve-2015-7547
https://googleonlinesecurity.blogspot.in/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

InfoExpress and glibc vulnerability

We are pleased to announce that no InfoExpress products (including current and previous versions) are not affected by this security flaw.

Customers with questions can contact InfoExpress Support through their normal support channels.

Use of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.