Trend Micro products and the GNU C Library (glibc) Vulnerability – [CVE-2015-7547]

    • Updated: 27 Apr 2016
    • Product/Version: Deep Security 9.0
    • Platform: N/A
Summary

What is the GNU glibc vulnerability?

On February 16, 2016, the maintainers of the GNU C Library (known as glibc, an open-source software library widely used in Linux systems) announced that they had released a fix for a vulnerability introduced in 2008 that allowed a buffer overflow to take place. The vulnerability (CVE-2015-7547) could allow an unauthenticated remote attacker to trigger a buffer overflow condition. This may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on the affected device.

Who is impacted?

Theoretically, any Linux machine that is connected to the Internet could be at risk. An attacker could use this vulnerability to run malicious code on a targeted Linux system. However, research has indicated that while the attack is possible, no exploit code capable of this is known to be in the wild as of this posting. Unlike previous flaws such as Heartbleed or Shellshock, this flaw is not trivial to exploit.

Details

Major Linux distributions have already been patched to fix this vulnerability. System administrators should check if a patch is available for distributions in use within their organization.

Broadly speaking, Trend Micro also recommends that outgoing DNS traffic be allowed through only if it is bound for whitelisted DNS servers. A query to a malicious DNS server could be used to exploit this vulnerability; blocking queries to servers not on the whitelist would reduce the risk from this vector.
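One way to audit the DNS whitelisting recommendation above is to scan egress logs for DNS flows bound for servers outside the approved list. This is an added example, not Trend Micro code; the log format, the resolver addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the resolvers your organization has approved for outbound DNS.
ALLOWED_RESOLVERS = [ipaddress.ip_network(n)
                     for n in ("192.0.2.53/32", "2001:db8::53/128")]

# Constructed sample egress log: "<proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
udp 10.0.0.5:40112 -> 192.0.2.53:53
udp 10.0.0.7:51544 -> 198.51.100.9:53
tcp 10.0.0.7:51600 -> 198.51.100.9:53
tcp 10.0.0.8:44321 -> 203.0.113.10:443
udp [fd00::5]:40000 -> [2001:db8::53]:53
udp [fd00::6]:40001 -> [2001:db8::99]:53
garbage line
"""

def parse_endpoint(text):
    """Split 'host:port' or '[v6host]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def unapproved_dns_flows(log_text, allowed=ALLOWED_RESOLVERS):
    """Return (line_no, proto, src, dst) for DNS flows to non-approved servers."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # not a flow record in the assumed format
        proto = parts[0].lower()
        try:
            src, _ = parse_endpoint(parts[1])
            dst, dport = parse_endpoint(parts[3])
        except ValueError:
            continue  # unparseable address or port
        # DNS runs over both UDP and TCP port 53, so both must be checked.
        if proto not in ("udp", "tcp") or dport != 53:
            continue
        if not any(dst in net for net in allowed):
            findings.append((lineno, proto, str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for lineno, proto, src, dst in unapproved_dns_flows(SAMPLE_LOG):
        print(f"line {lineno}: {src} sent {proto}/53 to unapproved server {dst}")
```

Hosts that appear in the output are the ones whose lookups bypass the approved resolvers and would be blocked once the whitelist is enforced.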

Does Trend Micro offer any protection against this vulnerability?

Fortunately, Trend Micro has some solutions that already provide protection against this threat.

Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability.

Specifically, Trend Micro has released the following rules and patterns for proactive protection:

  • Security Update 16-004 for Deep Security (DSRU16-004)
  • Deep Packet Inspection (DPI) rule 1007456 - DNS Malformed Response Detected
  • Deep Packet Inspection (DPI) rule 1007457 - Allowed DNS Resolvers
  • Deep Packet Inspection (DPI) rule 1007458 - glibc getaddrinfo Stack Based Buffer Overflow Vulnerability

What Trend Micro products are affected?

| Product/Version | Severity | Solution / Additional Information |
|---|---|---|
| Deep Discovery Advisor 3.0 SP1 | Low | Critical Patch |
| InterScan Messaging Security Virtual Appliance 9.0 | Low | Critical Patch |
| SafeSync for Enterprise 3.1 | Low | Critical Patch |

What Trend Micro products are not affected?

| Product | Version | Notes |
|---|---|---|
| Advanced Reporting and Management (ARM) | 1.6 | End-of-Support since December 31, 2015 |
| Deep Security | All versions | Deep Security is not affected by this vulnerability. |
| Deep Discovery Inspector | 3.8 | Glibc version of DDI is 2.5. |
| Network Virus Wall | All versions | Glibc version of NVW is 2.8. |
| Trend Micro Smart Protection Server | 2.5, 2.6, 3.0 | The OS of TMSPS is CentOS 5.0. Therefore, TMSPS is not affected. |
| Trend Micro Email Encryption Gateway | 5.5 | TMEEG 5.5 is using CentOS 5.2 with glibc-2.5-24. |

What if my product is not listed?

If the product has not reached End-of-Support, it is most likely that Trend Micro is still analyzing the vulnerability and its impact on your product. As soon as the analysis is completed, the product will be added to the list.

What if I have additional questions?

For additional inquiries, contact Trend Micro Technical Support.

More information on the GNU glibc vulnerability can be found on Trend Micro’s Security Intelligence Blog, in the post "The Linux GNU C Library Vulnerability: What It Is, How To Fix It".

Solution Id: 1113597