This article lists attacks that have been reported against library components used in Trellix IPS or other elements of it. Although these components might contain a vulnerability, the product doesn't use them in a way that poses a risk or might not even load the library.
So, this article lists vulnerabilities that you might see reported during scans or other testing, but that don't present a risk for the reason listed.
CVE/Reference |
Attack Description |
Response |
CVE-2015-5477 |
CVE-2015-5477 has been reported against BIND:
Named in ISC BIND 9.x (before 9.9.7-P2) and 9.10.x (before 9.10.2-P3), and allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
For more details, see the following:
|
Manager is not vulnerable to CVE-2015-5477 because the Manager does not use BIND.
(Formerly listed in articles KB85501 and KB85440) |
CVE-2014-8146
CVE-2014-8147 |
CERT Vulnerability Note VU#602540 lists the following vulnerabilities:
- CWE-122: Heap-based Buffer Overflow - CVE-2014-8146
Multiple out-of-bound writes may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C.
- CWE-190: Integer Overflow or Wraparound - CVE-2014-8147
An integer overflow may occur in the resolveImplicitLevels function of ubidi.c in affected versions of ICU4C due to the assignment of an int32 value to an int16 type.
For more information, see this related article.
|
The Manager is not vulnerable to CVE-2014-8146 and CVE-2014-8147 because it does not use the ICU4C library.
(Formerly listed in article KB84803) |
CVE-2016-0777
CVE-2016-0778 |
The following vulnerabilities have been reported in OpenSSH:
- CVE-2016-0777 - The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
- CVE-2016-0778 - The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, don't properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
|
No. The Manager doesn't run or use OpenSSH. The Manager application isn't an SSH Client or Server.
(Formerly listed in article KB86519)
|
CVE-2015-1793 |
CVE-2015-1793 has been reported against OpenSSL.
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c doesn't properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
For more information, see the following:
|
No, the Manager is not vulnerable to CVE-2015-1793 because it doesn't use the version of OpenSSL at risk from this vulnerability.
(Formerly listed in article KB85204) |
CVE-2015-4000 |
The vulnerability CVE-2015-4000 has been reported against the TLS protocol.
The TLS protocol 1.2 and earlier (when a DHE_EXPORT cipher suite is enabled on a server but not on a client), doesn't properly convey a DHE_EXPORT choice, allowing man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Client Hello with DHE replaced by DHE_EXPORT and then rewriting a Server Hello with DHE_EXPORT replaced by DHE, aka the Logjam issue.
For more information, see this related article. |
The Manager is not vulnerable to CVE-2015-4000 because export cipher is not enabled on the Manager.
(Formerly listed in article KB84838) |