Vulnerability Name: CVE-2015-5229 (CCN-110711)
Assigned: 2015-08-21
Published: 2015-08-21
Updated: 2016-11-28
Summary: The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): High

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): High; Privileges Required (PR): None; User Interaction (UI): None
Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Low

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): High; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial
Vulnerability Type: CWE-17
Vulnerability Consequences: Denial of Service

References:
Source: MITRE Type: CNA - CVE-2015-5229
Source: CCN Type: RHSA-2016-0176 - Critical: glibc security and bug fix update
Source: REDHAT Type: Vendor Advisory - RHSA-2016:0176
Source: CCN Type: GNU Web site - The GNU C Library
Source: CCN Type: IBM Security Bulletin T1023385 (PowerKVM) - Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM
Source: CCN Type: IBM Security Bulletin 1982433 (Proventia Network Enterprise Scanner) - Security vulnerabilities in glibc affect IBM Security Proventia Network Enterprise Scanner (CVE-2014-9761, CVE-2015-8778, CVE-2015-8779, CVE-2015-1781, CVE-2015-5229, CVE-2015-8776)
Source: CCN Type: IBM Security Bulletin 1985978 (PureData System for Analytics) - Multiple vulnerabilities in NTP, OpenSSL, GNU glibc and Libreswan affect IBM Netezza Host Management
Source: CCN Type: IBM Security Bulletin 1986714 (Security Guardium) - IBM Security Guardium is affected by OpenSource GNU glibc Vulnerability (CVE-2015-8776, CVE-2015-5229)
Source: CCN Type: IBM Security Bulletin 1988051 (Security Network Active Bypass) - Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2015-5229, CVE-2015-8776)
Source: CCN Type: IBM Security Bulletin 1988977 (Security Network Controller) - Vulnerabilities in Glibc affect IBM Security Network Controller (CVE-2015-5229, CVE-2015-8776)
Source: CONFIRM Type: UNKNOWN - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: BID Type: UNKNOWN - 84172
Source: CONFIRM Type: Vendor Advisory - https://bugzilla.redhat.com/show_bug.cgi?id=1246713
Source: CCN Type: Red Hat Bugzilla Bug 1256285 (CVE-2015-5229) - CVE-2015-5229 glibc: calloc may return non-zero memory
Source: CONFIRM Type: Vendor Advisory - https://bugzilla.redhat.com/show_bug.cgi?id=1256285
Source: CONFIRM Type: Vendor Advisory - https://bugzilla.redhat.com/show_bug.cgi?id=1293976
Source: XF Type: UNKNOWN - glibc-cve20155229-dos(110711)
Source: CONFIRM Type: UNKNOWN - https://kc.mcafee.com/corporate/index?page=content&id=SB10150

Vulnerable Configuration:
Configuration 1:
  cpe:/o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
Configuration RedHat 6: cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 7: cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 8: cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 9: cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 10: cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:gnu:glibc:2.21:*:*:*:*:*:*:* AND
  cpe:/a:ibm:puredata_system:1.0.0:*:*:*:analytics:*:*:* OR
  cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:* OR
  cpe:/a:ibm:security_guardium:10.0:*:*:*:*:*:*:* OR
  cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* OR
  cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:* OR
  cpe:/a:ibm:security_guardium:10.1:*:*:*:*:*:*:*

Affected Products:
redhat enterprise linux 6.7
redhat enterprise linux 7.2
redhat enterprise linux desktop 7.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux server eus 7.2
redhat enterprise linux workstation 7.0
gnu glibc 2.21
ibm puredata system for analytics 1.0.0
ibm powerkvm 2.1
ibm security guardium 10.0
ibm powerkvm 3.1
redhat enterprise linux desktop 7
redhat enterprise linux hpc node 7
redhat enterprise linux hpc node eus 7.2
redhat enterprise linux server 7
redhat enterprise linux server aus 7.2
redhat enterprise linux server eus 7.2
redhat enterprise linux workstation 7
ibm security guardium 10.1