Glibc vulnerability for Dell SonicWALL SSLVPN SRA Appliances
On Tuesday, February 16th, Google posted a blog post outlining a vulnerability in glibc (the GNU C library), which is used in many products and leaves those products vulnerable to remote exploitation. The vulnerability, identified as CVE-2015-7547, is similar to Heartbleed and Shellshock in terms of the scope of affected systems, but is not as serious because it is significantly more difficult to exploit.
Successful exploitation of the vulnerability relies on the potential victim communicating with a hostile/malicious DNS server or being subject to a man-in-the-middle attack. Nevertheless, the vulnerability is considered to be critical by the industry since it can lead to remote exploitation of the client system.
This vulnerability is being seen across the industry and Dell SonicWALL is working quickly to provide a hot-fix and patch to ensure continued protection with Dell SonicWALL SRA/SMA Series.
For Tier1net customers using Dell SonicWALL SSLVPN SRA Appliances:
• All SRA firmware versions prior to 18.104.22.168-11sv for SRA 4600/1600/Virtual Appliance and 22.214.171.124-25sv for SRA 4200/1200 are affected.
• Action: Tier1net will open trouble tickets for all impacted customers and install the Dell SonicWALL patch to resolve this vulnerability.
If you also have Dell SonicWALL firewalls deployed, please note: The Dell SonicWALL threat research team successfully published an Intrusion Prevention Service (IPS) signature on Tuesday, February 16th that automatically updated all customer systems running IPS worldwide, protecting networks behind our firewalls within 12 hours of identification. Dell SonicWALL firewalls are not susceptible to the glibc buffer overflow vulnerability.
Full details about the vulnerability and protection can be found in this SonicAlert article.
Read the "How Dell SonicWALL Guards Against the Glibc Vulnerability" blog by Ken Dang from SonicWALL.