CVE-2015-7547
Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-7547
Vendor advisory: secalert@redhat.com — https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
Vendor advisory: secalert@redhat.com — http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2.21-8 |
| debian | bullseye | fixed | 2.21-8 |
| debian | forky | fixed | 2.21-8 |
| debian | sid | fixed | 2.21-8 |
| debian | trixie | fixed | 2.21-8 |
| debian | 8.0 | affected | |
| ubuntu | 12.04 | affected | |
| ubuntu | 14.04 | affected | |
| ubuntu | 15.10 | affected | |
| suse | 13.2 | affected | |
| suse | 11.0 | affected | |
| suse | 12 | affected | |
| rhel | 7.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | helion_openstack | 1.1.1 | |
| hp | helion_openstack | 2.0.0 | |
| hp | helion_openstack | 2.1.0 | |
| hp | server_migration_pack | 7.5 | |
| sophos | unified_threat_management_software | 9.319 | |
| sophos | unified_threat_management_software | 9.355 | |
| suse | linux_enterprise_debuginfo | 11.0 | |
| oracle | exalogic_infrastructure | 1.0 | |
| oracle | exalogic_infrastructure | 2.0 | |
| f5 | big-ip_access_policy_manager | 12.0.0 | |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 | |
| f5 | big-ip_analytics | 12.0.0 | |
| f5 | big-ip_application_acceleration_manager | 12.0.0 | |
| f5 | big-ip_application_security_manager | 12.0.0 | |
| f5 | big-ip_domain_name_system | 12.0.0 | |
| f5 | big-ip_link_controller | 12.0.0 | |
| f5 | big-ip_local_traffic_manager | 12.0.0 | |
| f5 | big-ip_policy_enforcement_manager | 12.0.0 | |
| gnu | glibc | 2.9 | |
| gnu | glibc | 2.10 | |
| gnu | glibc | 2.10.1 | |
| gnu | glibc | 2.11 | |
| gnu | glibc | 2.11.1 | |
| gnu | glibc | 2.11.2 | |
| gnu | glibc | 2.11.3 | |
| gnu | glibc | 2.12 | |
| gnu | glibc | 2.12.1 | |
| gnu | glibc | 2.12.2 | |
| gnu | glibc | 2.13 | |
| gnu | glibc | 2.14 | |
| gnu | glibc | 2.14.1 | |
| gnu | glibc | 2.15 | |
| gnu | glibc | 2.16 | |
| gnu | glibc | 2.17 | |
| gnu | glibc | 2.18 | |
| gnu | glibc | 2.19 | |
| gnu | glibc | 2.20 | |
| gnu | glibc | 2.21 | |
| gnu | glibc | 2.22 | |
References
- http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
- http://marc.info/?l=bugtraq&m=145596041017029&w=2
- http://marc.info/?l=bugtraq&m=145672440608228&w=2
- http://marc.info/?l=bugtraq&m=145690841819314&w=2
- http://marc.info/?l=bugtraq&m=145857691004892&w=2
- http://marc.info/?l=bugtraq&m=146161017210491&w=2
- http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://rhn.redhat.com/errata/RHSA-2016-0175.html
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://rhn.redhat.com/errata/RHSA-2016-0225.html
- http://rhn.redhat.com/errata/RHSA-2016-0277.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://seclists.org/fulldisclosure/2021/Sep/0
CWEs
CWE-119