Multiple vulnerabilities in glibc
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2015-009 | 02/26/2015 | low | v1 |
Vulnerability details
Multiple vulnerabilities has been disclosed in GNU C Library – glibc.
The general use of the GNU C Library makes this vulnerability widely spread. These vulnerabilities reside in scanf and fnmatch functions and can lead to denial of service attacks
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Fast360 | low | The product embeds a vulnerable version of glibc. |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 02/26/2015 | Initial release |
Fast360 |
CVSS v2 Overall Score: 3.8
|
Analysis |
Impacted version |
|
Arkoon Fast360 products embed a vulnerable version of the glibc. Thus, any software in Arkoon Fast360 products using the vulnerable functions fnmatch(3) and scanf(3) may be vulnerable. However, the conditions to successfully exploit these vulnerabilties on FAST360 appliances are hard to fulfill. |
|
Workaround solution |
Solution |
|
A patch is available in versions 5.0/35 and 6.0/9. These versions are available for download through our Early Access Release (EAR) program which can be accessed by registering to the community via https://open.arkoon.net/ear-acceder-a-nos-prochaines-version-en-avant-premiere These versions will be made publicly available through our main update servers on 29 Sepetember 2015.
|
5.0/35 and 6.0/9 updates fix these vulnerabilities. You are strongly advised to update your appliances. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Network | High | None | Partial | None | Partial |
| CVSS Base score: 4 | CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:P) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| Proof of concept code | Official fix | Confirmed |
| CVSS Temporal score: 3.2 | CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:P/E:POC/RL:OF/RC:C) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| Low | High [76-100%] |
| CVSS Environmental score: 3.8 | CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:P/E:POC/RL:OF/RC:C/CDP:L/TD:H/CR:ND/IR:ND/AR:ND) |