Linux bug - glibc - CVE-2015-7547

stuartbedale
Level 1

Hello all

Does anyone know when Cisco might release a "Security Advisories, Responses and Notices" document for Linux based IPT applications (Callmanager, Unity Connection, UCCX, CUIC, ELM etc) for

CVE-2015-7547 - glibc getaddrinfo stack-based buffer overflow

I have found

Glibc libresolv Library Stack-Based Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/viewAlert.x?alertId=43583

But nothing specific to clarify if these IPT applications are vulnerable or not, or if this is under investigation.

Thanks in advance


Gerson Fabian Morales Marin
Community Member

Hello,

I have been doing some research on this and it looks like this vulnerability is affecting only platforms acting as DNS servers and not DNS clients such as Call Manager, Unity Connection, UCCX, ELM.

Note: This issue did not affect the version of glibc shipped with Red Hat Enterprise Linux 5 or earlier. This issue affected the versions of glibc shipped with Red Hat Enterprise Linux 6 and 7.

This information is based on Red Hat:

Link: https://access.redhat.com/articles/2161461

Virtualization for Cisco Unified Communications Manager (CUCM)

CUCM version 11

Supported Versions of VMware vSphere ESXi = 5.0 U1, 5.1, 5.5 for all components.  6.0 for all components except PCD.

CUCM Version 10.x

Supported Versions of VMware vSphere ESXi = 4.0 U4, 4.1 U2, 5.0 U1, 5.1, 5.5 for all components. 6.0 for all components except PCD

CUCM Version 9.1(x)

Supported Versions of VMware vSphere ESXi = 4.0 U3, 4.1 U1, 5.0, 5.1, 5.5, 6.0

CUCM Version 9.0(1)

Supported Versions of VMware vSphere ESXi = 4.0 U3, 4.1 U1, 5.0, 5.1, 5.5

CUCM Version 8.6(x)

Supported Versions of VMware vSphere ESXi = 4.0 U1, 4.1, 5.0, 5.1

CUCM Version 8.5(x)

Supported Versions of VMware vSphere ESXi = 4.0, 4.1, 5.0, 5.1

CUCM Version 8.0(2+)

Supported Versions of VMware vSphere ESXi = 4.0, 4.1, 5.0, 5.1

Link: http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Unified_Communications_Manager_%28CUCM%29

Regards,

Gerson

Hi there

I am not sure I agree with you there. Although the Cisco IPT applications are not acting as DNS servers, they can be DNS clients, and as the Red Hat link shown above states in the FAQs section, clients are still vulnerable to potentially affected DNS servers.

“Is it sufficient to upgrade Internet-facing DNS servers and recursive resolvers?
No, the glibc packages on all hosts (both servers and clients) need to be updated.”

and

“Can this vulnerability be mitigated by having a system contact trusted DNS servers only?
In theory, this is possible, but once a system is connected to the Internet, it is likely that it accidentally makes DNS queries using unexpected names, potentially obtaining data from untrusted DNS servers (through the configured recursive resolvers).”


and regarding VMware/ESXi, I had not thought about whether that was susceptible to this too... I see VMware has a reference to a previous glibc bug CVE-2015-0235 -

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=210586

These were not affected by the previous issue, but there is no reference to this new bug... something else that needs to be clarified.

Thanks.

Stuart

CORRECTION - scratch those comments about VMware, Linux does not appear to be in ESXi

https://www.vmware.com/files/pdf/VMware-ESX-and-VMware-ESXi-DS-EN.pdf

"VMware ESX relies on a Linux operating system, called the service console, to perform some management functions including executing scripts and installing third-party agents for hardware monitoring, backup or systems management. The service console has been removed from VMware ESXi, dramatically reducing its footprint."
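One way to act on the Red Hat guidance quoted above (the glibc packages on every host, clients included, need updating) for RHEL-based servers where `rpm -q glibc` output can be collected. This is an added example, not code from this thread, Cisco or Red Hat; the fixed version/release pairs in `FIXED` are assumed from memory of the Red Hat erratum and must be confirmed against the advisory, and the host inventory is constructed.

```python
import re
# Fixed glibc version/release per RHEL major. ASSUMED values recalled from the
# Red Hat erratum for CVE-2015-7547; confirm against the advisory before use.
FIXED = {"el6": ("2.12", "1.166.el6_7.7"), "el7": ("2.17", "106.el7_2.4")}
ARCHES = {"x86_64", "i686", "i386", "noarch"}
PKG_RE = re.compile(r"^glibc-(?P<ver>[^-]+)-(?P<rel>.+)$")

def _segments(s):
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_vercmp(a, b):
    """Simplified rpmvercmp: compare numeric/alpha segments in order (numeric > alpha)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def assess(pkg):
    """Classify one `rpm -q glibc` NVRA string for CVE-2015-7547."""
    m = PKG_RE.match(pkg)
    if not m:
        return "unknown"
    ver, rel = m.group("ver"), m.group("rel")
    if rel.rsplit(".", 1)[-1] in ARCHES:      # drop the trailing architecture
        rel = rel.rsplit(".", 1)[0]
    dist = re.search(r"el(\d+)", rel)
    if not dist:
        return "unknown"
    if int(dist.group(1)) <= 5:                # RHEL 5 and earlier never shipped the bug
        return "not-affected"
    fixed = FIXED.get("el" + dist.group(1))
    if fixed is None:
        return "unknown"
    c = rpm_vercmp(ver, fixed[0]) or rpm_vercmp(rel, fixed[1])
    return "patched" if c >= 0 else "vulnerable"

def assess_inventory(text):
    # 'host NVRA' lines, one per host -> {host: status}
    return {h: assess(p) for h, p in (ln.split() for ln in text.strip().splitlines())}

# Constructed sample inventory (not real hosts), as collected with `rpm -q glibc`.
SAMPLE = """cucm-pub   glibc-2.12-1.166.el6_7.3.x86_64
cucm-sub   glibc-2.12-1.166.el6_7.7.x86_64
uccx-01    glibc-2.17-105.el7_2.8.x86_64
legacy-01  glibc-2.5-123.el5_11.x86_64"""
```

Any host reported as vulnerable still needs the vendor package, whether it only ever acts as a DNS client or not.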

Hi all,

Cisco started investigating:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc

Hello Levent

Thank you, that is what I was looking for. Let us see what they say.

Thank you

Stuart
