Executive Summary

Summary
Title: mDNSResponder contains multiple memory-based vulnerabilities
Information
Name: VU#143335
First vendor Publication: 2016-06-20
Vendor: VU-CERT
Last vendor Modification: 2016-06-20
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score: 7.5
CVSS Impact Score: 6.4
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#143335

mDNSResponder contains multiple memory-based vulnerabilities

Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016

Overview

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder versions 379.27 and later, prior to version 625.41.2, are vulnerable to several buffer overflows as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987

Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.

CWE-476: NULL Pointer Dereference - CVE-2015-7988

Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.

Apple has also issued a security advisory for these issues.

mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an update

mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.
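To support the update step, the following added example (not part of the original advisory or of mDNSResponder) classifies version strings from an asset inventory against the affected range stated above, 379.27 and later but before 625.41.2. The host names and sample version strings are constructed, and how the version string is collected from each host is left as an assumption.

```python
import re

# Bounds taken from the advisory text: 379.27 <= version < 625.41.2
FIRST_AFFECTED = (379, 27)
FIRST_FIXED = (625, 41, 2)

# Accepts "625.41.2", "mDNSResponder-625.41.2" or "mDNSResponder 625.41.2".
_VERSION_RE = re.compile(r"(?:mDNSResponder[- ])?(\d+(?:\.\d+)*)$")


def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(version, width):
    # Pad with zeros so that 379.27 and 379.27.0 compare as equal.
    return version + (0,) * (width - len(version))


def classify(text):
    """Return 'affected', 'fixed', 'not-affected' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # never assume a malformed string is safe
    width = max(len(version), len(FIRST_FIXED))
    version = _pad(version, width)
    if version < _pad(FIRST_AFFECTED, width):
        return "not-affected"  # predates the range named in the advisory
    if version < _pad(FIRST_FIXED, width):
        return "affected"
    return "fixed"


def triage(inventory):
    """Return sorted hosts that need an update or manual review."""
    return sorted(h for h, v in inventory.items()
                  if classify(v) in ("affected", "unknown"))


# Constructed sample inventory: hypothetical host name -> reported version.
SAMPLE_INVENTORY = {
    "build-01": "mDNSResponder-576.30.4",
    "kiosk-07": "mDNSResponder-625.41.2",
    "lab-03": "379.27",
    "legacy-02": "mDNSResponder-320.10.80",
    "printer-gw": "625.41.2-beta",
}
```

Unparseable strings are returned for manual review rather than being treated as fixed.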

Vendor Information

Vendor                        Status        Date Notified  Date Updated
Android Open Source Project   Affected      03 Nov 2015    27 Jan 2016
Apple                         Affected      16 Oct 2015    23 Oct 2015
Arista Networks, Inc.         Not Affected  22 Jan 2016    15 Feb 2016
CoreOS                        Not Affected  22 Jan 2016    25 Jan 2016
Debian GNU/Linux              Not Affected  23 Oct 2015    23 Oct 2015
Fedora Project                Not Affected  23 Oct 2015    22 Jan 2016
Infoblox                      Not Affected  22 Jan 2016    25 Jan 2016
Intel Corporation             Not Affected  22 Jan 2016    25 Jan 2016
Red Hat, Inc.                 Not Affected  23 Oct 2015    22 Jan 2016
ACCESS                        Unknown       21 Mar 2016    21 Mar 2016
Alcatel-Lucent                Unknown       21 Mar 2016    21 Mar 2016
Arch Linux                    Unknown       23 Oct 2015    23 Oct 2015
Aruba Networks                Unknown       21 Mar 2016    21 Mar 2016
AT&T                          Unknown       21 Mar 2016    21 Mar 2016
Avaya, Inc.                   Unknown       22 Jan 2016    22 Jan 2016

CVSS Metrics

Group          Score  Vector
Base           6.8    AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal       5.3    E:POC/RL:OF/RC:C
Environmental  4.0    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://support.apple.com/en-us/HT206846
  • http://www.opensource.apple.com/tarballs/mDNSResponder/
  • https://developer.apple.com/bonjour/
  • http://cwe.mitre.org/data/definitions/120.html
  • http://cwe.mitre.org/data/definitions/476.html

Credit

Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-7987, CVE-2015-7988
  • Date Public: 20 Jun 2016
  • Date First Published: 20 Jun 2016
  • Date Last Updated: 20 Jun 2016
  • Document Revision: 82


Original Source

Url : http://www.kb.cert.org/vuls/id/143335

CWE : Common Weakness Enumeration

%      Id       Name
100 %  CWE-119  Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 1
Application 1
Os 155
Os 104
Os 7

Alert History

Date Information
2016-06-28 09:37:25
  • Multiple Updates
2016-06-26 09:35:43
  • Multiple Updates
2016-06-21 05:24:37
  • First insertion