Glibc vulnerabilities were found in IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVEs.
CVEID: CVE-2015-5229
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by the return of memory areas containing non-zero bytes by the calloc implementation. A remote attacker could exploit this vulnerability to cause the application to crash or hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110711> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8776 DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service. By passing out-of-range time values to the strftime function, a remote attacker could exploit this vulnerability to cause a segmentation fault or obtain sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110675> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
IBM Security Network Controller 1.0.X
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Controller| 1.0.X| Proventia NSC Update 14 (fw 1.0.4000) ** IBM Security Network Controller**| 1.0.X| Proventia NSC Update 14 (fw 1.0.4000M)
for IBM Security Network Controller products at Firmware versions 1.X
IBM recommends upgrading to 1.0.4000M/1.0.4000 depending on current firmware installed. Update 1.0.4000M and 1.0.4000 are the supported firmware release of the product.
CPE | Name | Operator | Version |
---|---|---|---|
ibm security network controller | eq | 1.0 |