02-18-2016 02:08 AM - edited 03-17-2019 05:56 AM
Hello all
Does anyone know when Cisco might release a "Security Advisories, Responses and Notices" document for Linux based IPT applications (Callmanager, Unity Connection, UCCX, CUIC, ELM etc) for
CVE-2015-7547 - glibc getaddrinfo stack-based buffer overflow
I have found
Glibc libresolv Library Stack-Based Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/viewAlert.x?alertId=43583
But nothing specific to clarify if these IPT applications are vulnerable or not, or if this is under investigation.
Thanks in advance
02-18-2016 12:03 PM
Hello,
I have been doing some research on this and it looks like this vulnerability is affecting only platforms acting as DNS servers and not DNS clients such as (Call Manager, Unity Connection, UCCX, ELM).
Note= This issue did not affect the version of glibc shipped with Red Hat Enterprise Linux 5 or earlier. This issue affected the versions of glibc shipped with Red Hat Enterprise Linux 6 and 7.
This information is based on Red Hat:
Link= https://access.redhat.com/articles/2161461
CUCM Version 11 - Supported Versions of VMware vSphere ESXi = 5.0 U1, 5.1, 5.5 for all components. 6.0 for all components except PCD.
CUCM Version 10.x - Supported Versions of VMware vSphere ESXi = 4.0 U4, 4.1 U2, 5.0 U1, 5.1, 5.5 for all components. 6.0 for all components except PCD.
CUCM Version 9.1(x) - Supported Versions of VMware vSphere ESXi = 4.0 U3, 4.1 U1, 5.0, 5.1, 5.5, 6.0
CUCM Version 9.0(1) - Supported Versions of VMware vSphere ESXi = 4.0 U3, 4.1 U1, 5.0, 5.1, 5.5
CUCM Version 8.6(x) - Supported Versions of VMware vSphere ESXi = 4.0 U1, 4.1, 5.0, 5.1
CUCM Version 8.5(x) - Supported Versions of VMware vSphere ESXi = 4.0, 4.1, 5.0, 5.1
CUCM Version 8.0(2+) - Supported Versions of VMware vSphere ESXi = 4.0, 4.1, 5.0, 5.1
Link= http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Unified_Communications_Manager_%28CUCM%29
Regards,
Gerson
02-19-2016 02:02 AM
Hi there
I am not sure I agree with you there. Although the Cisco IPT applications are not acting as DNS servers, they can be DNS clients, and as the Red Hat link shown above states in the FAQs section, clients are still vulnerable to potentially affected DNS servers.
“Is it sufficient to upgrade Internet-facing DNS servers and recursive resolvers?
No, the glibc packages on all hosts (both servers and clients) need to be updated.”
and
“Can this vulnerability be mitigated by having a system contact trusted DNS servers only?
In theory, this is possible, but once a system is connected to the Internet, it is likely that it accidentally makes DNS queries using unexpected names, potentially obtaining data from untrusted DNS servers (through the configured recursive resolvers).”
and regarding VMware/ESXi, I had not thought about whether that was susceptible to this too... I see VMware has a reference to a previous glibc bug CVE-2015-0235 -
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=210586
These were not affected by the previous issue, but there is no reference to this new bug... something else that needs to be clarified.
Thanks.
Stuart
02-19-2016 02:16 AM
CORRECTION - scratch those comments about VMware, Linux does not appear to be in ESXi
https://www.vmware.com/files/pdf/VMware-ESX-and-VMware-ESXi-DS-EN.pdf
"VMware ESX relies on a Linux operating system, called the service console, to perform some management functions including executing scripts and installing third-party agents for hardware monitoring, backup or systems management. The service console has been removed from VMware ESXi, dramatically reducing its footprint."
02-19-2016 02:26 AM
Hi all,
Cisco started investigating:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc
02-19-2016 02:37 AM
Hello Levent
Thank you, that is what I was looking for. Let us see what they say.
Thank you
Stuart