Check Point response to CVE-2015-7547 and CVE-2015-5229
Google Research Team reported on a vulnerability in glibc library: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow.
Check Point OSs status towards CVE-2015-7547 and CVE-2015-5229:
- Gaia - not vulnerable since Red Hat Enterprise Linux 5 does not distribute the vulnerable version of glibc.
- SecurePlatform - not vulnerable since Red Hat Enterprise Linux 5 does not distribute the vulnerable version of glibc.
- IPSO - not vulnerable since it uses BSD's libc and not glibc.
- BlueCoat - under investigation. Refer to the Official Advisory
- Edge - Edge libc library is vulnerable, but the problematic function (getaddrinfo) is not used there, since local DNS queries are performed by proprietary code.
- Embedded Gaia:
- Check Point 1100/600 Gateways - not vulnerable as they use an older glibc library which is not vulnerable.
- Check Point 1200R and 730/750 devices are vulnerable.
On February 18th 2016, Check Point released DNS Client Resolver glibc Buffer Overflow (CVE-2015-7547) IPS protection that protects customer environments.
This protection detects and blocks both TCP and UDP attempts to exploit this vulnerability through Check Point Security Gateway.
Make sure this protection is enabled in your IPS Profile.