Riverbed Products vulnerable to CVE-2015-7547
Categories: Security, Product
Solution Number: S27906
Posted: 19-02-2016
Dear Teneo Customer,
A security flaw was recently discovered in the Linux Operating System and Riverbed are currently investigating which RiOS releases this flaw affects.
A vulnerability (CVE-2015-7547 aka glibc stack-based buffer overflow in getaddrinfo()) has been reported. For more information on this vulnerability, please refer to the following:
This issue is tracked by Riverbed bugs TBD.
For additional information on how to subscribe, see technical article S22384.
Solution
Riverbed is actively working on identifying and resolving this CVE across all vulnerable products. As each product is updated, tested, and released, Riverbed will update this notification on their support portal. Check back periodically to learn when updates to the products you use become available.
| Product | Status | Fixed release (expected release date) |
| SteelHead CX (appliance, virtual, cloud) |
9.0.0 and above vulnerable | 9.1.2a (late March 2016) |
| SteelHead Interceptor | 4.5.0 and above vulnerable | TBD |
| SteelCentral Controller for SteelHead |
9.0.0 and above vulnerable | TBD |
| SteelCentral Controller for SteelHead Mobile | 4.6.0 and above vulnerable | TBD |
| Product | Status | Fixed release (expected release date) |
| AirPcap driver | Not vulnerable | NA |
| AppCapacity | Pending | |
| AppInternals | AppInternals 10.x Analysis server vulnerable AppInternals Agents not vulnerable AppInternals 9.x not vulnerable |
AppInternals Analysis Server 10.3.0 (March 2016) NA NA |
| AppMapper | Not vulnerable | NA |
| AppResponse | Not vulnerable | NA |
| AppSQL | Pending | |
| Dashboards | Not vulnerable | NA |
| Flow Gateway | Pending | 10.9 (June 2016) |
| Modeler | Pending | |
| NetAuditor | Pending | |
| NetCollector | Not vulnerable | NA |
| NetExpress | Pending | 10.9 (June 2016) |
| NetPlanner | Pending | |
| NetProfiler | Pending | 10.9 (June 2016) |
| NetSensor | Not vulnerable | NA |
| NetShark | 9.5 and above vulnerable | 10.9.2 (June 2016) |
| Packet Analyzer | Not vulnerable | NA |
| Portal | Not vulnerable | NA |
| Report Server | Pending | |
| Transaction Analyzer | Not vulnerable | NA |
| UCExpert | Pending | |
| WebAnalyzer | Not vulnerable | NA |
| Product | Status | Fixed Release (expected release date) |
| SteelFusionCore (appliance, virtual) | 4.1.0 and above vulnerable | TBD |
| SteelFusion Edge | 4.1.0 and above vulnerable | TBD |
| SteelHead EX | 3.6.0 and above vulnerable | TBD |
| Product | Status | Fixed Release (expected release date) |
| Manager | Pending | |
| Gateway | Pending | |
| Access Point | Pending | |
| Switch | Pending |
- Under investigation
| Product | Status | Fixed Release (expected release date) |
| WinDump | Not vulnerable | NA |
| WinPcap | Not vulnerable | NA |
| Wireshark | Pending |
What if I need help?
If you have any questions regarding this notification please don’t hesitate to reach out to us, or visit our support portal.
You can contact us on our 24 x 7 support number or mail us support@teneo.net
EMEA: +44 (0)845 299 0623
US: +1 877 836 3610
APAC: +61 1800 765 389
Thanks
Teneo Support
Comments
0 comments
Article is closed for comments.