Juniper Networks Information for VU#457759
glibc vulnerable to stack buffer overflow in DNS resolver
- Vendor Information Help Date Notified: 17 Feb 2016
- Statement Date: 19 Feb 2016
- Date Updated: 22 Feb 2016
Unknown. If you are the vendor named above, please contact us to update your status.
No statement is currently available from the vendor regarding this vulnerability.
The vendor has provided the following list. A statement is available at the URL below.
The following products have been confirmed to be not vulnerable to the glibc issue reported as CVE-2015-7547:
- Junos OS does not use glibc and is not affected by this issue.
Note: Linux VM-based platforms (e.g. vSRX, vMX, etc.) include glibc, but do not make use of DNS client libraries during normal operation.
- Junos Space
- ScreenOS uses a different implementation of libc and is not affected by this issue.
- QFabric Director
- CTP and CTPView
- NSM server relies on underlying OS glibc library. Contact OS vendor
- SBR Carrier running on RHEL relies on the glibc library shipped with the OS. Customers should contact the OS vendor to upgrade glibc.
- SBR Carrier running on Solaris is not vulnerable as it does not use this library.
- Netscreen IDP
Other products are still under investigation.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.