Details of VAR-201602-0004

ID

VAR-201602-0004

CVE

CVE-2015-7547

TITLE

GNU glibc getaddrinfo () stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-01100

DESCRIPTION

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. GNU glibc is an open source C language compiler released under the LGPL license agreement. It is an implementation of the C library in the Linux operating system. There is a stack overflow vulnerability in the getaddrinfo function in glibc when processing a specific DNS response packet. An attacker can use the vulnerability to launch an attack on a Linux host or related devices by constructing a malicious DNS service or using a man-in-the-middle attack, which results in remote code execution and can be obtained. User terminal control. There is a buffer error vulnerability in the 'send_dg' and 'send_vc' functions in the resolv/res_send.c file of glibc version 2.9 to 2.22. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security and bug fix update Advisory ID: RHSA-2016:0175-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0175.html Issue date: 2016-02-16 CVE Names: CVE-2015-7547 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. This update also fixes the following bugs: * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with "dlopen: cannot load any more object with static TLS" should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: glibc-2.12-1.166.el6_7.7.src.rpm i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: glibc-2.12-1.166.el6_7.7.src.rpm x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: glibc-2.12-1.166.el6_7.7.src.rpm i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm ppc64: glibc-2.12-1.166.el6_7.7.ppc.rpm glibc-2.12-1.166.el6_7.7.ppc64.rpm glibc-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-devel-2.12-1.166.el6_7.7.ppc.rpm glibc-devel-2.12-1.166.el6_7.7.ppc64.rpm glibc-headers-2.12-1.166.el6_7.7.ppc64.rpm glibc-utils-2.12-1.166.el6_7.7.ppc64.rpm nscd-2.12-1.166.el6_7.7.ppc64.rpm s390x: glibc-2.12-1.166.el6_7.7.s390.rpm glibc-2.12-1.166.el6_7.7.s390x.rpm glibc-common-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-devel-2.12-1.166.el6_7.7.s390.rpm glibc-devel-2.12-1.166.el6_7.7.s390x.rpm glibc-headers-2.12-1.166.el6_7.7.s390x.rpm glibc-utils-2.12-1.166.el6_7.7.s390x.rpm nscd-2.12-1.166.el6_7.7.s390x.rpm x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm ppc64: glibc-debuginfo-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-2.12-1.166.el6_7.7.ppc64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.ppc64.rpm glibc-static-2.12-1.166.el6_7.7.ppc.rpm glibc-static-2.12-1.166.el6_7.7.ppc64.rpm s390x: glibc-debuginfo-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-2.12-1.166.el6_7.7.s390x.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.s390x.rpm glibc-static-2.12-1.166.el6_7.7.s390.rpm glibc-static-2.12-1.166.el6_7.7.s390x.rpm x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.166.el6_7.7.src.rpm i386: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.i686.rpm glibc-utils-2.12-1.166.el6_7.7.i686.rpm nscd-2.12-1.166.el6_7.7.i686.rpm x86_64: glibc-2.12-1.166.el6_7.7.i686.rpm glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-devel-2.12-1.166.el6_7.7.i686.rpm glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm nscd-2.12-1.166.el6_7.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm x86_64: glibc-debuginfo-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-2.12-1.166.el6_7.7.x86_64.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.i686.rpm glibc-debuginfo-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.i686.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/articles/2161461 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWw0gnXlSAg2UNWIIRAgp4AJ9BIF6YHY/UoQcUvkEfqPbxa4+G6wCgouQY aOCbFFx87AiVZnfSlGYcLjI= =tRjT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures: RHEL 7-based RHEV-H - noarch RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05128937 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05128937 Version: 1 HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-05-11 Last Updated: 2016-05-11 Potential Security Impact: Remote Arbitrary Code Execution, Denial of Service (DoS) Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY HPE 3PAR OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). References: - CVE-2015-7547 - PSRT110105 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HPE 3PAR OS versions 3.1.3 and later, prior to 3.2.1 MU5 and 3.2.2 MU2 using glibc BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-7547 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has provided the following software updates and mitigation information to resolve the vulnerability in 3PAR OS using glibc. + 3PAR OS 3.2.1 MU5 and 3.2.2 MU2 - HPE recommends prior impacted versions update to 3PAR OS 3.2.1 MU 5 or 3.2.2 MU2. - glibc has been updated in these releases to resolve the glibc vulnerability. + 3PAR OS 3.1.3 is also vulnerable but will not be fixed. **Mitigation:** The best protection to guard against exploitation of this vulnerability is to securely configure and operate the storage array in accordance with the *HPE 3PAR Configuration Guidelines* documentation. Please contact HPE Technical Support for assistance. HISTORY Version:1 (rev.1) - 11 May 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 2.16

sources: NVD: CVE-2015-7547 // CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 135789 // PACKETSTORM: 135856 // PACKETSTORM: 137112 // PACKETSTORM: 140605 // PACKETSTORM: 136325 // PACKETSTORM: 136048 // PACKETSTORM: 136976

AFFECTED PRODUCTS

vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 2.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.1	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.21	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14.1	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.16	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.18	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.22	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.19	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.20	Trust: 1.6
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10.1	Trust: 1.6
vendor:	sophos	model:	unified threat management software	scope:	eq	version:	9.355	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	15.10	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.17	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.9	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.10	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.11.2	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.15	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12	Trust: 1.0
vendor:	hp	model:	helion openstack	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.14	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.12.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	sophos	model:	unified threat management software	scope:	eq	version:	9.319	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	11.0	Trust: 1.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.0
vendor:	oracle	model:	fujitsu m10	scope:	lte	version:	2290	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	eq	version:	2.13	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11.0	Trust: 1.0
vendor:	hp	model:	server migration pack	scope:	eq	version:	7.5	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	gt	version:	2.9	Trust: 0.6
vendor:	siemens	model:	ape	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	basic rt	scope:	eq	version:	v13	Trust: 0.6
vendor:	siemens	model:	rox ii os	scope:	gte	version:	v2.3.0<=v2.9.0	Trust: 0.6
vendor:	siemens	model:	scalance m-800 s615	scope:	eq	version:	/	Trust: 0.6
vendor:	siemens	model:	sinema remote connect	scope:	lt	version:	v1.2	Trust: 0.6

sources: CNVD: CNVD-2016-01100 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7547
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2016-01100
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201602-348
value:	HIGH
Trust: 0.6
VULHUB:	VHN-85508
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7547
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2016-01100
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85508
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7547
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-85508 // NVD: CVE-2015-7547

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 135789 // PACKETSTORM: 135856 // CNNVD: CNNVD-201602-348

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201602-348

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-85508

PATCH

title:	Patch for GNU glibc getaddrinfo () stack buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/71529	Trust: 0.6
title:	glibc Fixes for stack-based buffer overflow vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=60267	Trust: 0.6

sources: CNVD: CNVD-2016-01100 // CNNVD: CNNVD-201602-348

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7547	Trust: 3.0
db:	BID	id:	83265	Trust: 2.3
db:	EXPLOIT-DB	id:	39454	Trust: 1.7
db:	EXPLOIT-DB	id:	40339	Trust: 1.7
db:	MCAFEE	id:	SB10150	Trust: 1.7
db:	PACKETSTORM	id:	167552	Trust: 1.7
db:	PACKETSTORM	id:	164014	Trust: 1.7
db:	PACKETSTORM	id:	135802	Trust: 1.7
db:	PACKETSTORM	id:	154361	Trust: 1.7
db:	SECTRACK	id:	1035020	Trust: 1.7
db:	CERT/CC	id:	VU#457759	Trust: 1.7
db:	PULSESECURE	id:	SA40161	Trust: 1.7
db:	TENABLE	id:	TRA-2017-08	Trust: 1.7
db:	ICS CERT	id:	ICSA-16-103-01	Trust: 1.7
db:	CNNVD	id:	CNNVD-201602-348	Trust: 0.7
db:	SIEMENS	id:	SSA-301706	Trust: 0.6
db:	CNVD	id:	CNVD-2016-01100	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022060049	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2340	Trust: 0.6
db:	PACKETSTORM	id:	135856	Trust: 0.2
db:	PACKETSTORM	id:	136976	Trust: 0.2
db:	PACKETSTORM	id:	137112	Trust: 0.2
db:	PACKETSTORM	id:	136325	Trust: 0.2
db:	PACKETSTORM	id:	135789	Trust: 0.2
db:	PACKETSTORM	id:	136048	Trust: 0.2
db:	PACKETSTORM	id:	136808	Trust: 0.1
db:	PACKETSTORM	id:	135971	Trust: 0.1
db:	PACKETSTORM	id:	137497	Trust: 0.1
db:	PACKETSTORM	id:	135791	Trust: 0.1
db:	PACKETSTORM	id:	136988	Trust: 0.1
db:	PACKETSTORM	id:	138068	Trust: 0.1
db:	PACKETSTORM	id:	136881	Trust: 0.1
db:	PACKETSTORM	id:	135853	Trust: 0.1
db:	PACKETSTORM	id:	135911	Trust: 0.1
db:	PACKETSTORM	id:	137351	Trust: 0.1
db:	PACKETSTORM	id:	135801	Trust: 0.1
db:	PACKETSTORM	id:	136985	Trust: 0.1
db:	PACKETSTORM	id:	135800	Trust: 0.1
db:	PACKETSTORM	id:	138601	Trust: 0.1
db:	SEEBUG	id:	SSVID-90749	Trust: 0.1
db:	VULHUB	id:	VHN-85508	Trust: 0.1
db:	PACKETSTORM	id:	140605	Trust: 0.1

sources: CNVD: CNVD-2016-01100 // VULHUB: VHN-85508 // PACKETSTORM: 135789 // PACKETSTORM: 135856 // PACKETSTORM: 137112 // PACKETSTORM: 140605 // PACKETSTORM: 136325 // PACKETSTORM: 136048 // PACKETSTORM: 136976 // CNNVD: CNNVD-201602-348 // NVD: CVE-2015-7547

REFERENCES

url:	https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html	Trust: 2.3
url:	http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html	Trust: 2.3
url:	https://access.redhat.com/articles/2161461	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2016-0175.html	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-0277.html	Trust: 1.8
url:	http://www.securitytracker.com/id/1035020	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/sep/7	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/sep/7	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2021/sep/0	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2022/jun/36	Trust: 1.7
url:	https://www.exploit-db.com/exploits/39454/	Trust: 1.7
url:	https://www.exploit-db.com/exploits/40339/	Trust: 1.7
url:	http://www.securityfocus.com/bid/83265	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3480	Trust: 1.7
url:	http://www.debian.org/security/2016/dsa-3481	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177412.html	Trust: 1.7
url:	https://security.gentoo.org/glsa/201602-02	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-0176.html	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-0225.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html	Trust: 1.7
url:	http://ubuntu.com/usn/usn-2900-1	Trust: 1.7
url:	https://www.kb.cert.org/vuls/id/457759	Trust: 1.7
url:	http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	Trust: 1.7
url:	http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-stack-based-buffer-overflow.html	Trust: 1.7
url:	http://support.citrix.com/article/ctx206991	Trust: 1.7
url:	http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow	Trust: 1.7
url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 1.7
url:	http://www.vmware.com/security/advisories/vmsa-2016-0002.html	Trust: 1.7
url:	https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/	Trust: 1.7
url:	https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa114	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1293532	Trust: 1.7
url:	https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html	Trust: 1.7
url:	https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05028479	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04989404	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05008367	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05053211	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05073516	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05098877	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05125672	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05128937	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05130958	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05140858	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05176716	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05212266	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722	Trust: 1.7
url:	https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-103-01	Trust: 1.7
url:	https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40161	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20160217-0002/	Trust: 1.7
url:	https://sourceware.org/bugzilla/show_bug.cgi?id=18665	Trust: 1.7
url:	https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/len_5450	Trust: 1.7
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17	Trust: 1.7
url:	https://www.tenable.com/security/research/tra-2017-08	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=145672440608228&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=145596041017029&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=145857691004892&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=146161017210491&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=145690841819314&w=2	Trust: 1.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10150	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2015-7547	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7547	Trust: 0.7
url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf	Trust: 0.6
url:	https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html	Trust: 0.6
url:	https://isc.sans.edu/diary/cve-2015-7547	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:0225	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:0277	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:0176	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2016:0175	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160304-01-glibc-cn	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2340/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022060049	Trust: 0.6
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.5
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.5
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://helion.hpwsportal.com	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=145690841819314&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145596041017029&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145672440608228&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=145857691004892&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=146161017210491&w=2	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10150	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4877	Trust: 0.1
url:	https://www.hpe.com/info/report-security-vulnerability	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0702	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6420	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://h20392.www2.hpe.com/portal/swdepot/displayproductinfo.do?productnumb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0050	Trust: 0.1
url:	https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222804%22%7d/s	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222800%22%7d/s	Trust: 0.1
url:	http://docs.hpcloud.com/#devplatform/2.0/gibcpatch/devplatform.glibc_patch.ht	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222955%22%7d/s	Trust: 0.1
url:	https://cloudos.hpwsportal.com/#/product/%7b%22productid%22%3a%222923%22%7d/s	Trust: 0.1
url:	http://docs.hpcloud.com/#helion/installation/upgrade20_to_212.html	Trust: 0.1
url:	http://docs.hpcloud.com/#helion/installation/upgrade_to_212.html	Trust: 0.1

CREDITS

T. Weber

Trust: 0.6

sources: CNNVD: CNNVD-201602-348

SOURCES

db:	CNVD	id:	CNVD-2016-01100
db:	VULHUB	id:	VHN-85508
db:	PACKETSTORM	id:	135789
db:	PACKETSTORM	id:	135856
db:	PACKETSTORM	id:	137112
db:	PACKETSTORM	id:	140605
db:	PACKETSTORM	id:	136325
db:	PACKETSTORM	id:	136048
db:	PACKETSTORM	id:	136976
db:	CNNVD	id:	CNNVD-201602-348
db:	NVD	id:	CVE-2015-7547

LAST UPDATE DATE

2026-04-18T21:21:44.530000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01100	date:	2016-07-12T00:00:00
db:	VULHUB	id:	VHN-85508	date:	2023-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201602-348	date:	2023-04-06T00:00:00
db:	NVD	id:	CVE-2015-7547	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-01100	date:	2016-02-18T00:00:00
db:	VULHUB	id:	VHN-85508	date:	2016-02-18T00:00:00
db:	PACKETSTORM	id:	135789	date:	2016-02-16T17:17:25
db:	PACKETSTORM	id:	135856	date:	2016-02-19T23:33:00
db:	PACKETSTORM	id:	137112	date:	2016-05-18T23:31:21
db:	PACKETSTORM	id:	140605	date:	2017-01-19T13:56:50
db:	PACKETSTORM	id:	136325	date:	2016-03-22T00:03:01
db:	PACKETSTORM	id:	136048	date:	2016-03-03T00:54:17
db:	PACKETSTORM	id:	136976	date:	2016-05-12T16:07:19
db:	CNNVD	id:	CNNVD-201602-348	date:	2016-02-18T00:00:00
db:	NVD	id:	CVE-2015-7547	date:	2016-02-18T21:59:00.120