IBM3387AA402195A553EEC76DA6F7A2EED7C89542378DCEE0F0391682CD02B9A0B9Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2015-8985)
0.003 Low
EPSS
Percentile
69.5%
Summary
IBM Security Proventia Network Active Bypass has addressed the following vulnerabilities. ( CVE-2015-8985)
Vulnerability Details
CVEID:CVE-2015-8985**
DESCRIPTION: *glibc is vulnerable to a denial of service, caused by a flaw in the pop_fail_stack function. By using a specially crafted extended regular expression, a remote attacker could cause an assertion failure and application crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126591 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.9-27
IBM Security 10G Network Active Bypass firmware versions 1.x firmware levels 1.0.1876 through 3.30.9-27
Remediation/Fixes
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Proventia Network Active Bypass| 3.X | Proventia 1G NAB Update 23 (fw 3.30.10-37) IBM Security Proventia Network Active Bypass| 3.X| Proventia 10G NAB Update 20 (fw 3.30.10-37)
For IBM Security Proventia Network Active Bypass products at the following firmware versions:
- IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.4-12, 3.30.5-21, 3.30.7-23, 3.30.9-27
- IBM Security 10G Network Active Bypass firmware versions 1.X firmware levels 1.0.1876 through 3.30.5-21, 3.30.7-23, 3.30.9-27
IBM recommends upgrading to 3.30.10-37, the supported firmware release of the product.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security network active bypass | eq | 3.0 |
Related
0.003 Low
EPSS
Percentile
69.5%