SB2016061507 - Multiple vulnerabilities in HP OneView Products using glibc and OpenSSL
Published: June 15, 2016 Updated: April 17, 2025
Security Bulletin ID
SB2016061507
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2015-7547)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to stack-based buffer overflow in in the (1) send_dg and (2) send_vc functions in the libresolv library. A remote attacker can use a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module, cause memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Double free error (CVE-ID: CVE-2016-0705)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
Remediation
Install update from vendor's website.