Symantec VIP server vulnerability with Linux host OS

search cancel

Symantec VIP server vulnerability with Linux host OS

book

Article ID: 378564

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

Security scans may detect vulnerability with VIP Enterprise Gateway installed on Linux for 'libcurl' library file

Environment

VIP Enterprise Gateway version 9.11 or lower installed on Linux

Cause

libcurl.so.4 library needs to be version 8.9.1 or higher to correct vulnerability

Instance Detail:
Path: /opt/Symantec/VIP_Enterprise_Gateway/Validation/bin/libcurl.so.4
Installed version : 7.56.1 (*Note: VIP 9.11.0 version)
Fixed version : 8.9.1

Resolution

Apply the hotfix attached to this KB article as mentioned in the included instruction file: "VIP_EG_911_BRCMVIP-6794_HotFix_Readme.docx"

The prerequisite for this hot fix is:

VIP EG 9.11 Linux
VIP_EG9_11_Radius_Vulnerability_CVE-2024-3596 (downloadable from VIP Manager): https://knowledge.broadcom.com/external/article/371735/radius-protocol-vulnerability-advisory-f.html

Note: This fix will be included in VIP Enterprise Gateway version 9.11.1. There is not currently an ETA on when this version will be released.

Additional Information

CVE(s): CVE-2024-7264 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264

Attachments

VIP_EG_911_BRCMVIP-6794_HotFix.zip get_app

Feedback

thumb_up Yes

thumb_down No