cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1022
Views
0
Helpful
5
Replies

CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

tsilveruits
Level 1
Level 1

Are any of the Cisco products, such as the ESA or SMA releases, affected by the CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow?

5 Replies 5

At first glance, probably not.  AsyncOS is FreeBSD based, which isn't vulnerable. (they don't use glibc).

We'll have to wait for official word of course... someone could have done something nutty...

OK. That is what I am understanding too. Thanks.

Hello Tim and Ken,


Yep the PSIRT team at Cisco are currently investigating this as I filed the request yesterday to them, we'll update you once we receive any further details.

Regards,

Matthew

Hey All,


The PSIRT team has issued the advisory for this issue.

WSA is not impacted.


ESA and SMA are under investigation.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc

Regards,

Matthew

Hey Everyone,

Advisory was updated.

ESA is removed from investigation and not vulnerable to this CVE.

Thanks,

Matthew