Executive Summary

Summary
Title glibc vulnerable to stack buffer overflow in DNS resolver
Informations
NameVU#457759First vendor Publication2016-02-17
VendorVU-CERTLast vendor Modification2016-03-14
Severity (Vendor) N/ARevisionM

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#457759

glibc vulnerable to stack buffer overflow in DNS resolver

Original Release date: 17 Feb 2016 | Last revised: 14 Mar 2016

Overview

GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2015-7547

According to a Google security blog post:

"The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack."

According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9. All versions from 2.9 (originally released November 2008) to 2.22 appear to be affected.

More details and analysis are available in the patch announcement from glibc developers.

Impact

The getaddrinfo() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.

Solution

Apply an update

A patch for glibc is available. Affected users should apply the patch as soon as possible. The patch will also be included as part of the upcoming glibc 2.23 release.

The Vendor Status information below provides more information on updates.

Vendor Information (Learn More)

Some embedded operating systems or older, no longer supported versions of linux distributions may contain an older version of glibc that is vulnerable. Please check with your vendor to find out if you need to upgrade to a newer operating system in order to address this issue.

VendorStatusDate NotifiedDate Updated
Android Open Source ProjectAffected17 Feb 201623 Feb 2016
Arista Networks, Inc.Affected17 Feb 201617 Feb 2016
Blue Coat SystemsAffected17 Feb 201626 Feb 2016
CentOSAffected17 Feb 201614 Mar 2016
CiscoAffected17 Feb 201618 Feb 2016
Debian GNU/LinuxAffected17 Feb 201617 Feb 2016
Gentoo LinuxAffected17 Feb 201617 Feb 2016
GNU glibcAffected17 Feb 201617 Feb 2016
Red Hat, Inc.Affected17 Feb 201617 Feb 2016
UbuntuAffected17 Feb 201617 Feb 2016
EfficientIPNot Affected-18 Feb 2016
Openwall GNU/*/LinuxNot Affected17 Feb 201622 Feb 2016
PC-BSDNot Affected17 Feb 201617 Feb 2016
TCPWaveNot Affected-18 Feb 2016
ACCESSUnknown17 Feb 201617 Feb 2016
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.1E:POC/RL:TF/RC:C
Environmental8.1CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

  • https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
  • https://sourceware.org/bugzilla/show_bug.cgi?id=18665
  • https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
  • https://sourceware.org/glibc/wiki/Glibc%20Timeline

Credit

This vulnerability was disclosed by Fermin J. Serna and Kevin Stadmeyer of Google and Florian Weimer and Carlos O’Donell of Red Hat. Google thanks: "Neel Mehta, Thomas Garnier, Gynvael Coldwind, Michael Schaller, Tom Payne, Michael Haro, Damian Menscher, Matt Brown, Yunhong Gu, Florian Weimer, Carlos O’Donell and the rest of the glibc team for their help figuring out all details about this bug, exploitation, and patch development."

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-7547
  • Date Public:16 Feb 2016
  • Date First Published:17 Feb 2016
  • Date Last Updated:14 Mar 2016
  • Document Revision:51

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/457759

CWE : Common Weakness Enumeration

%idName
100 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Application1
Application1
Application1
Application1
Application1
Application1
Application1
Application21
Application3
Application1
Application2
Application2
Application3
Os3
Os1
Os1
Os1
Os1
Os1
Os1
Os1
Os1
Os1
Os1
Os4
Os5
Os4
Os1

Snort® IPS/IDS

DateDescription
2016-03-14glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731-community - Revision : 5 - Type : PROTOCOL-DNS
2016-03-22glibc getaddrinfo AAAA record stack buffer overflow attempt
RuleID : 37731 - Revision : 5 - Type : PROTOCOL-DNS
2016-03-14glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730-community - Revision : 5 - Type : PROTOCOL-DNS
2016-03-22glibc getaddrinfo A record stack buffer overflow attempt
RuleID : 37730 - Revision : 5 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

DateDescription
2018-02-28Name : The version of Arista Networks EOS running on the remote device is affected b...
File : arista_eos_sa0017.nasl - Type : ACT_GATHER_INFO
2017-03-30Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0051.nasl - Type : ACT_GATHER_INFO
2016-09-14Name : The remote device is missing a vendor-supplied security patch.
File : cisco-CSCuy36553-nxos.nasl - Type : ACT_GATHER_INFO
2016-03-04Name : The remote Fedora host is missing a security update.
File : fedora_2016-0480defc94.nasl - Type : ACT_GATHER_INFO
2016-03-04Name : The remote Fedora host is missing a security update.
File : fedora_2016-0f9e9a34ce.nasl - Type : ACT_GATHER_INFO
2016-02-25Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2016-0002.nasl - Type : ACT_GATHER_INFO
2016-02-24Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2016-054-02.nasl - Type : ACT_GATHER_INFO
2016-02-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0277.nasl - Type : ACT_GATHER_INFO
2016-02-23Name : The remote VMware ESXi host is affected by a remote code execution vulnerabil...
File : vmware_VMSA-2016-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-02-22Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-234.nasl - Type : ACT_GATHER_INFO
2016-02-19Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-233.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0471-1.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0472-1.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2dd7e97ed5e811e5bcbdbc5ff45d0f28.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201602-02.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-224.nasl - Type : ACT_GATHER_INFO
2016-02-18Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0470-1.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2016-653.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0175.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Debian host is missing a security update.
File : debian_DLA-416.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3480.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3481.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL47098834.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0175.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0013.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0175.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2016-0225.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160216_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20160216_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-02-17Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2900-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DateInformations
2016-09-15 13:25:13
  • Multiple Updates
2016-03-14 17:22:54
  • Multiple Updates
2016-02-29 21:30:07
  • Multiple Updates
2016-02-29 21:24:14
  • Multiple Updates
2016-02-26 17:28:35
  • Multiple Updates
2016-02-26 17:23:55
  • Multiple Updates
2016-02-25 09:28:56
  • Multiple Updates
2016-02-24 13:27:07
  • Multiple Updates
2016-02-22 17:28:21
  • Multiple Updates
2016-02-22 17:23:29
  • Multiple Updates
2016-02-19 21:29:02
  • Multiple Updates
2016-02-19 05:30:13
  • Multiple Updates
2016-02-18 17:30:28
  • Multiple Updates
2016-02-18 17:25:51
  • Multiple Updates
2016-02-18 00:28:54
  • Multiple Updates
2016-02-18 00:24:20
  • Multiple Updates
2016-02-17 21:30:42
  • Multiple Updates
2016-02-17 21:24:52
  • First insertion