IBM SmartCloud Entry is vulnerable to bind vulnerabilities. Remote attackers could exploit the vulnerabilities to trigger an assertion failues and make named exit unexpectedly with an assertion failure by sending a specially crafted DNS packet.
CVE(s): CVE-2016-2848, CVE-2016-2776
Affected product(s) and affected version(s):
IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3wBpd
X-Force Database: http://ift.tt/2gwtW3a
X-Force Database: http://ift.tt/2ggfRbX
from IBM Product Security Incident Response Team http://ift.tt/2iAjSYl
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.