Last revised: 10/18/2016
A vulnerability in the GNU libc (glibc) DNS resolver allows remote code execution (CVE-2015-7547). However, this issue can be exploited only from a DNS server that is under the control of an attacker. (Ref # 91886).
This glibc issue is only exploitable by an attacker controlling the DNS server configured for the device. Furthermore, the attacker must overcome additional anti-exploitation mitigations, such as ASLR, to mount a successful attack.
PAN-OS 5.0.19 and earlier; PAN-OS 5.1.12 and earlier; PAN-OS 6.0.14 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.7 and earlier; PAN-OS 7.1.3 and earlier
PAN-OS 5.0.20 and later; PAN-OS 5.1.13 and later; PAN-OS 6.0.15 and later; PAN-OS 6.1.13 and later; PAN-OS 7.0.8 and later; PAN-OS 7.1.4 and later
This vulnerability can affect PAN-OS software only when the device is configured with a DNS server that is under the control of an attacker. Palo Alto Networks discourages configuring the device with untrusted DNS servers.