02-17-2016 08:15 AM
Are any of the Cisco products, such as the ESA or SMA releases, affected by the CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow?
02-17-2016 08:49 AM
At first glance, probably not. AsyncOS is FreeBSD based, which isn't vulnerable. (they don't use glibc).
We'll have to wait for official word of course... someone could have done something nutty...
02-17-2016 08:54 AM
OK. That is what I am understanding too. Thanks.
02-17-2016 09:57 PM
Hello Tim and Ken,
Yep the PSIRT team at Cisco are currently investigating this as I filed the request yesterday to them, we'll update you once we receive any further details.
Regards,
Matthew
02-18-2016 05:11 PM
Hey All,
The PSIRT team has issued the advisory for this issue.
WSA is not impacted.
ESA and SMA are under investigation.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc
Regards,
Matthew
02-19-2016 05:07 PM
Hey Everyone,
Advisory was updated.
ESA is removed from investigation and not vulnerable to this CVE.
Thanks,
Matthew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide