en-US
search-icon
SNWL - Icons

SonicWall Notice Concerning CVE-2015-7547 Glibc Vulnerability

Dell SonicWALL Notice Concerning CVE-2015-7547 Glibc Vulnerability

On Tuesday February 16th, 2016, Google posted a blog outlining a vulnerability in glibc (the GNU C library) which is used in many products and leaves those products vulnerable to remote exploitation.  The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious as it is significantly more difficult to exploit. Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or to be subject to a man-in-the-middle attack.  Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system. 

SRA X00 Series

- All SRA firmware versions prior to 8.1.0.1-11sv for SRA 4600/1600/Virtual Appliance and 8.0.0.4-25sv for SRA 4200/1200 are affected

- The patches are available for download.

  • For SRA SMB 8.1.0.2-14sv: the fix (CVE-2015-7547) has been posted in mysonicwall.com. Simply log into your mysonicwall.com account, locate and apply.
  • For SRA SMB 8.0.0.5-27sv has been posted in mysonicwall.com. Simply log into your mysonicwall.com account, locate and apply.

Should you have further questions or need assistance, please contact your preferred Dell SonicWALL reseller or Dell SonicWALL Support.