SonicWall Notice Concerning CVE-2015-7547 Glibc Vulnerability
Dell SonicWALL Notice Concerning CVE-2015-7547 Glibc Vulnerability
On Tuesday February 16th, 2016, Google posted a blog outlining a vulnerability in glibc (the GNU C library) which is used in many products and leaves those products vulnerable to remote exploitation. The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious as it is significantly more difficult to exploit. Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or to be subject to a man-in-the-middle attack. Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.
SRA X00 Series
- All SRA firmware versions prior to 18.104.22.168-11sv for SRA 4600/1600/Virtual Appliance and 22.214.171.124-25sv for SRA 4200/1200 are affected
- The patches are available for download.
- For SRA SMB 126.96.36.199-14sv: the fix (CVE-2015-7547) has been posted in mysonicwall.com. Simply log into your mysonicwall.com account, locate and apply.
- For SRA SMB 188.8.131.52-27sv has been posted in mysonicwall.com. Simply log into your mysonicwall.com account, locate and apply.
Should you have further questions or need assistance, please contact your preferred Dell SonicWALL reseller or Dell SonicWALL Support.