Jump to content


Photo

CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow

CVE-2015-7547 glibc getaddrinfo buffer overflow

  • This topic is locked This topic is locked
8 replies to this topic

#1 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 17 February 2016 - 12:41 PM

On Tuesday, Feb 16, Google researchers reported a stack based buffer overflow in the commonly used glibc library. We are investigating the impact to our physical and virtual products and our cloud based services and will update this space as we have more details.



#2 Pedro Gall

Pedro Gall
  • Members
  • 8 posts

Posted 19 February 2016 - 01:48 AM

Any updates yet?



#3 Evan Blackstone

Evan Blackstone
  • Members
  • 6 posts

Posted 19 February 2016 - 01:53 PM

Seconded. Any info yet?



#4 Pedro Gall

Pedro Gall
  • Members
  • 8 posts

Posted 22 February 2016 - 04:47 AM

Asking again for an update. Have not found any Security Updates on the appliances. What's the status?



#5 John Norris

John Norris
  • Members
  • 1 posts

Posted 22 February 2016 - 03:56 PM

I contacted Barracuda support about this today and they sent me here.  I guess there is no update........................yet.



#6 Manfred Wiktorin

Manfred Wiktorin
  • Members
  • 1 posts

Posted 23 February 2016 - 03:06 AM

The security issue was reported 1 week ago. Other manufacturers delivered security patches within 2 days.

From Barracuda there is even no further information yet. WTF is going wrong at Barrcuda?



#7 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 23 February 2016 - 05:41 PM

Updates for NG Firewall F-Series versions 5.4, 6.0, 6.1, and 6.2 are available at: https://community.ba...ity-advisories/



#8 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 23 February 2016 - 06:02 PM

We are able to confirm that the following Barracuda physical and virtual appliances are not vulnerable to CVE-2015-7547:

 

  • Email Security Gateway (Span and Virus Firewall)
  • Web Security Gateway (Web Filter)
  • Web Application Firewall
  • Backup
  • Message Archiver
  • Load Balancer ADC
  • Load Balancer FDC
  • Link Balancer
  • SSL VPN
  • Phone System

We will post additional updates as we continue our research.



#9 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 24 February 2016 - 12:05 PM

Updates for the NG Firewall X-Series versions 6.8.2 and 6.8.3 are now available.