Mitigate CVE-2015-7547 Logjam vulnerability for Asset Manager

Document ID:KM02262318
Creation Date:25-Apr-2016
Modified Date:25-Apr-2016
- Micro Focus Products:
  asset manager 9.50
  
  asset manager 9.41
  
  asset manager 9.40
  
  asset manager 9.32
  
  asset manager 9.31
  
  asset manager 9.30

Summary

The Linux GNU C library (glibc) exposes new vulnerabilities as described in CVE-2015-7547. HPE has investigated the CVE-2015-7547 in relation to HPE Asset Manager

Question

Mitigate CVE-2015-7547 Logjam vulnerability for Asset Manager

The Linux GNU C library (glibc) exposes new vulnerabilities as described in CVE-2015-7547.

The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo library function is used.

Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

HPE has investigated the CVE-2015-7547 in relation to HPE Asset Manager and this document provides the required actions that must be performed to mitigate this vulnerability.

For detailed information about this vulnerability and how to mitigate it for Asset Manager, see the attached PDF document.

AM - glibc getaddrinfo stack-based buffer overflow - CVE-2015-7547.pdf