Juniper Networks Information for VU#457759

glibc vulnerable to stack buffer overflow in DNS resolver

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has provided the following list. A statement is available at the URL below.

The following products have been confirmed to be not vulnerable to the glibc issue reported as CVE-2015-7547:

  • Junos OS does not use glibc and is not affected by this issue.
    Note: Linux VM-based platforms (e.g. vSRX, vMX, etc.) include glibc, but do not make use of DNS client libraries during normal operation.
  • Junos Space
  • ScreenOS uses a different implementation of libc and is not affected by this issue.
  • QFabric Director
  • JUNOSe
  • CTP and CTPView
  • NSM server relies on underlying OS glibc library. Contact OS vendor.
  • SBR Carrier running on RHEL relies on the glibc library shipped with the OS. Customers should contact the OS vendor to upgrade glibc.
  • SBR Carrier running on Solaris is not vulnerable as it does not use this library.
  • WX/WXC
  • Netscreen IDP

Other products are still under investigation.

Vendor References

http://forums.juniper.net/t5/Security-Incident-Response/glibc-getaddrinfo-stack-based-buffer-overflow-CVE-2015-7547/ba-p/288261

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.