DescriptionVULNERABILITY CVE-2015-7547
SolutionDate: 02.23.2016
Updated: 03.15.2016
Issue: Bradford is aware of the vulnerability CVE-2015-7547. This refers to a stack-based buffer overflow condition which creates opportunity for attackers to manipulate DNS traffic that can adversely affect libresolv.
Information regarding this vulnerability can be found at the following URL:
https://access.redhat.com/security/cve/cve-2015-7547
Only Network Sentry appliances running Firmware Version 6.0 (available on CentOS7) are susceptible to the vulnerability. Appliances running Firmware Version 5.x or below are not susceptible.
Confirming Firmware Version
Administrative UI: Refer to the Summary panel in the dashboard to confirm the appliance Firmware Version. If this panel does not display, click the Add Panel button to add the Summary panel to the view.
CLI: The Firmware Version displays upon login.
Product Family: NetworkSentry
Appliance Type: Network Sentry VM-NS1200
Engine Version: 8.0.0.514
Build Date: Mon 28-Dec-2015
Firmware Version: 6.0.0.437
Firmware Date: 2015-10-23
Solution: Apply the latest Network Sentry OS update.
For details see Network Sentry O/S Updates - March 14, 2016