SonicWall Notice Concerning CVE-2015-7547 Glibc Vulnerability
Dell SonicWALL Notice Concerning CVE-2015-7547 Glibc Vulnerability
On Tuesday February 16th, 2016, Google posted a blog outlining a vulnerability in glibc (the GNU C library) which is used in many products and leaves those products vulnerable to remote exploitation. The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious as it is significantly more difficult to exploit. Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or to be subject to a man-in-the-middle attack. Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.
SRA/SMA X000 Series
The two supported versions of SRA/SMA X000 v10.7.2 and v11.3.0 , for the EX 6000, EX7000, EX9000, SMA 6200, SMA 7200 and SMA Virtual Appliances are vulnerable as are all older unsupported versions.
o Please find the hot-fix for 10.7.2 here: https://support.sonicwall.com/kb/186841
o Please find the hot-fix for 11.3.0 here: https://support.sonicwall.com/kb/186843
Should you have further questions or need assistance, please contact your preferred Dell SonicWALL reseller or Dell SonicWALL Support.