ASB-2016.0030 - [Appliance] Tenable Appliance: Execute arbitrary code/commands - Remote/unauthenticated

Date: 15 March 2016
References: ESB-2016.0387  ESB-2016.0394  ESB-2016.0406  ESB-2016.0417.2  ESB-2016.0419.2  ESB-2016.0422  ESB-2016.0738  ESB-2016.1173  


===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0030
      A vulnerability has been identified in Tenable Appliance 4.0.0
                               15 March 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Appliance
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-7547  
Member content until: Thursday, April 14 2016
Reference:            ESB-2016.0422
                      ESB-2016.0417
                      ESB-2016.0406
                      ESB-2016.0394
                      ESB-2016.0387
                      ESB-2016.0419.2

OVERVIEW

        A vulnerability has been identified in Tenable Appliance 4.0.0. [1]


IMPACT

        The vendor has provided the following details regarding this issue:
        
        CVE-2015-7547: "The Tenable Appliance is built on a Linux 
        distribution that utilizes the GNU C Library (glibc). A 
        vulnerability was recently reported impacting glibc, which may 
        impact the Appliance. According to the researchers, glibc contains 
        an overflow condition in the send_dg() and send_vc() functions in 
        libresolv resolv/res_send.c where input is not properly validated 
        when looking up domain names via the getaddrinfo() call. This may 
        allow a remote attacker to cause a stack-based buffer overflow, 
        resulting in a denial of service or potentially allowing the 
        execution of arbitrary code." [1]


MITIGATION

        The vendor has stated that updates will be available through the 
        Tenable online repositories:
        
        "A glibc update is available via the online repositories, which are
        checked every night by the appliance. When the update is found a 
        notification will appear in the administrative interface. Appliance
        administrators will need to direct the system to apply the updates 
        so as not to interfere with scanning activities." [1]
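        As an added example (not part of this bulletin or Tenable's advisory), a small
        POSIX shell check an administrator can run on any glibc-based Linux host they
        manage to see whether the installed glibc falls in the upstream range affected
        by CVE-2015-7547 (the getaddrinfo() bug was introduced in glibc 2.9 and fixed
        in glibc 2.23). It assumes `getconf GNU_LIBC_VERSION` is available, and it only
        flags the upstream version range: distributions backport the fix without
        changing that version, so a flagged host should be verified against the
        vendor's package changelog rather than treated as confirmed vulnerable.

```shell
#!/bin/sh
# Added example, not Tenable's or AusCERT's code: classify a glibc version
# string against the CVE-2015-7547 upstream range (2.9 <= version < 2.23).
# Caveat: vendor backports keep the upstream version number, so "affected"
# here means "verify the package changelog", not "definitely exploitable".

# glibc_affected VERSION
#   exit 0  -> VERSION is inside the upstream affected range
#   exit 1  -> VERSION is outside it
#   exit 2  -> VERSION could not be parsed
glibc_affected() {
    ver=$1
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}          # "2" from "2.22-ubuntu"
    rest=${ver#*.}            # "22-ubuntu"
    minor=${rest%%.*}         # drop any further ".N" component
    # Strip vendor suffixes some packagers append after the minor number.
    minor=$(printf '%s' "$minor" | sed 's/[^0-9].*$//')
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 2 ] && [ "$minor" -ge 9 ] && [ "$minor" -lt 23 ]
}

# check_host_glibc: read the running host's glibc version and report it.
# Assumption: a glibc-based host where getconf prints "glibc X.Y".
check_host_glibc() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    if [ -z "$v" ]; then
        echo "could not determine glibc version (not a glibc host?)"
        return 2
    fi
    if glibc_affected "$v"; then
        echo "glibc $v is in the CVE-2015-7547 upstream range;" \
             "confirm a backported fix in the package changelog before closing this out"
    else
        echo "glibc $v is outside the CVE-2015-7547 upstream range"
    fi
}

# Run the host check when executed directly; its exit status is informational.
check_host_glibc || :
```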


REFERENCES

        [1] [R1] GNU C Library (glibc) Vulnerability Affects Tenable Appliance
            http://www.tenable.com/security/tns-2016-05

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================