IBM Security Proventia Network Active Bypass has addressed the following vulnerability. (CVE-2017-1000366)
CVEID: CVE-2017-1000366**
DESCRIPTION:** Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack. By using specially-crafted crafted LD_LIBRARY_PATH values, an attacker could exploit this vulnerability to trigger a stack memory allocation flaw and execute arbitrary code on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.9-27
IBM Security 10G Network Active Bypass firmware versions 1.x firmware levels 1.0.1876 through 3.30.9-27
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Proventia Network Active Bypass| 3.X| Proventia 1G NAB Update 23 (fw 3.30.10-37) IBM Security Proventia Network Active Bypass| 3.X| Proventia 10G NAB Update 20 (fw 3.30.10-37)
For IBM Security Proventia Network Active Bypass products at the following firmware versions:
IBM recommends upgrading to 3.30.10-37, the supported firmware release of the product.
None