6.8 - VU#457759

Executive Summary

Summary
Title	glibc vulnerable to stack buffer overflow in DNS resolver

Informations
Name	VU#457759	First vendor Publication	2016-02-17
Vendor	VU-CERT	Last vendor Modification	2016-03-14
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#457759

glibc vulnerable to stack buffer overflow in DNS resolver

Original Release date: 17 Feb 2016 | Last revised: 14 Mar 2016

Overview

GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2015-7547

According to a Google security blog post:

"The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack."

According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9. All versions from 2.9 (originally released November 2008) to 2.22 appear to be affected.

More details and analysis are available in the patch announcement from glibc developers.

Impact

The getaddrinfo() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.

Solution

Apply an update

A patch for glibc is available. Affected users should apply the patch as soon as possible. The patch will also be included as part of the upcoming glibc 2.23 release.

The Vendor Status information below provides more information on updates.

Vendor Information (Learn More)

Some embedded operating systems or older, no longer supported versions of linux distributions may contain an older version of glibc that is vulnerable. Please check with your vendor to find out if you need to upgrade to a newer operating system in order to address this issue.

Vendor	Status	Date Notified	Date Updated
Android Open Source Project	Affected	17 Feb 2016	23 Feb 2016
Arista Networks, Inc.	Affected	17 Feb 2016	17 Feb 2016
Blue Coat Systems	Affected	17 Feb 2016	26 Feb 2016
CentOS	Affected	17 Feb 2016	14 Mar 2016
Cisco	Affected	17 Feb 2016	18 Feb 2016
Debian GNU/Linux	Affected	17 Feb 2016	17 Feb 2016
Gentoo Linux	Affected	17 Feb 2016	17 Feb 2016
GNU glibc	Affected	17 Feb 2016	17 Feb 2016
Red Hat, Inc.	Affected	17 Feb 2016	17 Feb 2016
Ubuntu	Affected	17 Feb 2016	17 Feb 2016
EfficientIP	Not Affected	-	18 Feb 2016
Openwall GNU/*/Linux	Not Affected	17 Feb 2016	22 Feb 2016
PC-BSD	Not Affected	17 Feb 2016	17 Feb 2016
TCPWave	Not Affected	-	18 Feb 2016
ACCESS	Unknown	17 Feb 2016	17 Feb 2016

If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group	Score	Vector
Base	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal	8.1	E:POC/RL:TF/RC:C
Environmental	8.1	CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/bugzilla/show_bug.cgi?id=18665
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://sourceware.org/glibc/wiki/Glibc%20Timeline

Credit

This vulnerability was disclosed by Fermin J. Serna and Kevin Stadmeyer of Google and Florian Weimer and Carlos O’Donell of Red Hat. Google thanks: "Neel Mehta, Thomas Garnier, Gynvael Coldwind, Michael Schaller, Tom Payne, Michael Haro, Damian Menscher, Matt Brown, Yunhong Gu, Florian Weimer, Carlos O’Donell and the rest of the glibc team for their help figuring out all details about this bug, exploitation, and patch development."

This document was written by Garret Wassermann.

Other Information

CVE IDs:CVE-2015-7547
Date Public:16 Feb 2016
Date First Published:17 Feb 2016
Date Last Updated:14 Mar 2016
Document Revision:51

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/457759

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	f5 Big-Ip Access Policy Manager cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:::::::*	1
Application	f5 Big-Ip Advanced Firewall Manager cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:::::::*	1
Application	f5 Big-Ip Analytics cpe:2.3:a:f5:big-ip_analytics:12.0.0:::::::*	1
Application	f5 Big-Ip Application Acceleration Manager cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:::::::*	1
Application	f5 Big-Ip Application Security Manager cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:::::::*	1
Application	f5 Big-Ip Domain Name System cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:::::::*	1
Application	f5 Big-Ip Link Controller cpe:2.3:a:f5:big-ip_link_controller:12.0.0:::::::*	1
Application	f5 Big-Ip Local Traffic Manager cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:::::::*	1
Application	f5 Big-Ip Policy Enforcement Manager cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:::::::*	1
Application	Gnu Glibc cpe:2.3:a:gnu:glibc:2.9:::::::* cpe:2.3:a:gnu:glibc:2.22:::::::* cpe:2.3:a:gnu:glibc:2.21:::::::* cpe:2.3:a:gnu:glibc:2.20:::::::* cpe:2.3:a:gnu:glibc:2.19:::::::* cpe:2.3:a:gnu:glibc:2.18:::::::* cpe:2.3:a:gnu:glibc:2.17:::::::* cpe:2.3:a:gnu:glibc:2.16:::::::* cpe:2.3:a:gnu:glibc:2.15:::::::* cpe:2.3:a:gnu:glibc:2.14.1:::::::* cpe:2.3:a:gnu:glibc:2.14:::::::* cpe:2.3:a:gnu:glibc:2.13:::::::* cpe:2.3:a:gnu:glibc:2.12.2:::::::* cpe:2.3:a:gnu:glibc:2.12.1:::::::* cpe:2.3:a:gnu:glibc:2.12:::::::* cpe:2.3:a:gnu:glibc:2.11.3:::::::* cpe:2.3:a:gnu:glibc:2.11.2:::::::* cpe:2.3:a:gnu:glibc:2.11.1:::::::* cpe:2.3:a:gnu:glibc:2.11:::::::* cpe:2.3:a:gnu:glibc:2.10.1:::::::* cpe:2.3:a:gnu:glibc:2.10:::::::*	21
Application	Hp Helion Openstack cpe:2.3:a:hp:helion_openstack:2.1.0:::::::* cpe:2.3:a:hp:helion_openstack:2.0.0:::::::* cpe:2.3:a:hp:helion_openstack:1.1.1:::::::*	3
Application	Hp Server Migration Pack cpe:2.3:a:hp:server_migration_pack:7.5:::::::*	1
Application	Oracle Exalogic Infrastructure cpe:2.3:a:oracle:exalogic_infrastructure:2.0:::::::* cpe:2.3:a:oracle:exalogic_infrastructure:1.0:::::::*	2
Application	Sophos Unified Threat Management Software cpe:2.3:a:sophos:unified_threat_management_software:9.355:::::::* cpe:2.3:a:sophos:unified_threat_management_software:9.319:::::::*	2
Application	Suse Linux Enterprise Debuginfo cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2:::::: cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3:::::: cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4::::::	3
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:8.0:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Hpc Node cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	1
Os	Redhat Enterprise Linux Hpc Node Eus cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Server Aus cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*	1
Os	Redhat Enterprise Linux Server Eus cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*	1
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1
Os	Suse Linux Enterprise Desktop cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_desktop:12:-:::::: cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4:::::: cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3::::::	4
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3::::vmware::* cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:::::: cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4:::::: cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:::lts:::*	5
Os	Suse Linux Enterprise Software Development Kit cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3:::::: cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::	4
Os	Suse Suse Linux Enterprise Server cpe:2.3:o:suse:suse_linux_enterprise_server:12:-::::::	1

Snort® IPS/IDS

Date	Description
2016-03-14	glibc getaddrinfo AAAA record stack buffer overflow attempt RuleID : 37731-community - Revision : 5 - Type : PROTOCOL-DNS
2016-03-22	glibc getaddrinfo AAAA record stack buffer overflow attempt RuleID : 37731 - Revision : 5 - Type : PROTOCOL-DNS
2016-03-14	glibc getaddrinfo A record stack buffer overflow attempt RuleID : 37730-community - Revision : 5 - Type : PROTOCOL-DNS
2016-03-22	glibc getaddrinfo A record stack buffer overflow attempt RuleID : 37730 - Revision : 5 - Type : PROTOCOL-DNS

Nessus® Vulnerability Scanner

Date	Description
2018-02-28	Name : The version of Arista Networks EOS running on the remote device is affected b... File : arista_eos_sa0017.nasl - Type : ACT_GATHER_INFO
2017-03-30	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0051.nasl - Type : ACT_GATHER_INFO
2016-09-14	Name : The remote device is missing a vendor-supplied security patch. File : cisco-CSCuy36553-nxos.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-0f9e9a34ce.nasl - Type : ACT_GATHER_INFO
2016-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2016-0480defc94.nasl - Type : ACT_GATHER_INFO
2016-02-25	Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2016-0002.nasl - Type : ACT_GATHER_INFO
2016-02-24	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-054-02.nasl - Type : ACT_GATHER_INFO
2016-02-23	Name : The remote VMware ESXi host is affected by a remote code execution vulnerabil... File : vmware_VMSA-2016-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-02-23	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0277.nasl - Type : ACT_GATHER_INFO
2016-02-22	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-234.nasl - Type : ACT_GATHER_INFO
2016-02-19	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-233.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2dd7e97ed5e811e5bcbdbc5ff45d0f28.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0472-1.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0471-1.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0470-1.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-224.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201602-02.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-653.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2900-1.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160216_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160216_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0225.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0175.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0013.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0175.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL47098834.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3481.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3480.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote Debian host is missing a security update. File : debian_DLA-416.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0176.nasl - Type : ACT_GATHER_INFO
2016-02-17	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0175.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-09-15 13:25:13	Multiple Updates
2016-03-14 17:22:54	Multiple Updates
2016-02-29 21:30:07	Multiple Updates
2016-02-29 21:24:14	Multiple Updates
2016-02-26 17:28:35	Multiple Updates
2016-02-26 17:23:55	Multiple Updates
2016-02-25 09:28:56	Multiple Updates
2016-02-24 13:27:07	Multiple Updates
2016-02-22 17:28:21	Multiple Updates
2016-02-22 17:23:29	Multiple Updates
2016-02-19 21:29:02	Multiple Updates
2016-02-19 05:30:13	Multiple Updates
2016-02-18 17:30:28	Multiple Updates
2016-02-18 17:25:51	Multiple Updates
2016-02-18 00:28:54	Multiple Updates
2016-02-18 00:24:20	Multiple Updates
2016-02-17 21:30:42	Multiple Updates
2016-02-17 21:24:52	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	67
Snort® Rule(s)	4
Nessus® Exploit(s)	33

	Related
8.1	CVE-2015-7547
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)