On February 16, 2016, security researchers publicly disclosed a vulnerability in the Linux glibc library, which is commonly found in Linux-based operating systems. The glibc client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used (CVE-2015-7547). A remote attacker could create specially crafted DNS responses, which could cause the library to crash or potentially execute code with the permissions of the user running the library.

Following the disclosure of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. We have published Knowledgebase articles on our customer-accessible support websites that reflect the most up-to-date information from our review along with remediation plans, where needed:

We will continue to update this information through our standard customer communication channels (including Security Advisories) as our review and remediation continue.

If customers would like further assistance accessing the articles, they can reach out to EMC support at support@emc.com or RSA support at support@rsa.com.

Eric Baize

Eric Baize is Senior Director of the Product Security Office at EMC Corporation. He leads the Product Security Office with company-wide responsibility for product security and supply chain assurance, covering vulnerability response handling, security development lifecycle implementation, supply chain risk management, coordination of security certifications and integration of RSA technology in EMC products and solutions.