Found vulnerabilities in DLP servers


Article ID: 236524


Products

Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

You found the following vulnerabilities on your DLP Network Monitor servers:

GHOST glibc Library Vulnerability

DESCRIPTION

Versions of glibc prior to 2.18 are vulnerable to a buffer overflow in the gethostbyname() and gethostbyname2() functions. An attacker that successfully exploited this vulnerability could gain control of the affected system.

SOLUTION

Update to glibc 2.18 or higher.

glibc getaddrinfo Stack-based Buffer Overflow Vulnerability

DESCRIPTION

Versions of glibc between 2.9 and 2.22 are vulnerable to a stack-based buffer overflow vulnerability when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. An attacker that successfully exploited this vulnerability could gain control of the affected system.

SOLUTION

Update to glibc 2.23 or higher.

Environment

Release : 15.7

 

Resolution

Upgrading to the recommended version of glibc should not affect DLP.
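
To check which of the two findings above matches the glibc version a server reports, before and after the upgrade, the following shell script can be used. It is an added example, not part of the original article or of any DLP tooling; the function names are hypothetical, and it assumes `getconf GNU_LIBC_VERSION` is available, as it is on glibc-based Linux systems.

```shell
#!/bin/sh
# Added example: classify a glibc version against the two ranges quoted in
# this article (GHOST: prior to 2.18; getaddrinfo: 2.9 through 2.22).

# ver_lt A B: succeed when version A is lower than version B.
# Compares major and minor numerically, so 2.9 sorts below 2.18
# (a plain string comparison would get that wrong).
ver_lt() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -gt "$b_major" ] && return 1
    [ "$a_minor" -lt "$b_minor" ]
}

# glibc_findings VERSION: print which findings the version falls under.
glibc_findings() {
    v=$1
    out=""
    # GHOST (gethostbyname/gethostbyname2): versions prior to 2.18
    if ver_lt "$v" 2.18; then
        out="GHOST"
    fi
    # getaddrinfo overflow: 2.9 up to and including 2.22
    if ! ver_lt "$v" 2.9 && ver_lt "$v" 2.23; then
        out="${out:+$out }getaddrinfo"
    fi
    echo "${out:-none}"
}

# installed_glibc_version: print the running system's glibc version,
# e.g. "2.17" from the getconf output "glibc 2.17"; empty if unavailable.
installed_glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

current=$(installed_glibc_version)
if [ -n "$current" ]; then
    echo "glibc $current: $(glibc_findings "$current")"
else
    echo "glibc version not detected on this system"
fi
```

Enterprise Linux distributions commonly backport security fixes without changing the upstream glibc version number, so also compare the installed package release against the distribution's advisory.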