Security Advisory: Tanium Products Not Vulnerable to CVE-2015-7547

The Tanium Security Team would like to proactively notify our customers that none of our products are vulnerable to the exploit described in CVE-2015-7547.

Please note that while the Tanium Client for Linux does rely on glibc, we do not invoke the vulnerable component (libnss_dns). Consistent with security best practices, Tanium will include the patched version of glibc for future releases of the Tanium Client for Linux.

Please contact security@tanium.com if you have any additional questions about CVE-2015-7547.

 

References

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://isc.sans.edu/forums/diary/CVE20157547+Critical+Vulnerability+in+glibc+getaddrinfo/20737/

Have more questions? Submit a request