Support Central: KB #4858: CVE-2015-7547 glibc getaddrinfo stack-based buffer overflow vulnerability
We've received a few requests for information regarding the stack-based buffer overflow vulnerability. This is "hot off the press" with additional information coming next week.
Problem Summary
NIOS DNS servers are vulnerable to CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
Overview
On February 16, 2016, a vulnerability in glibc's DNS resolver was disclosed publicly. It is tracked as CVE-2015-7547. The glibc client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo library function is used. The function can be exploited via attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack. A discussion of the problem from the glibc developers is available at https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html. Google has also provided detailed information at: https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
Affected Versions
All versions of NIOS
Description
All existing versions of NIOS are vulnerable in a limited fashion. This vulnerability does not affect the BIND resolver, which provides the vast majority of DNS services in NIOS. The vulnerability is in the glibc resolver, which the Linux host uses in a small number of cases. Triggering it relies on an oversized (2048+ bytes) UDP or TCP response, followed by another response that overwrites the stack. Examples of such cases in NIOS are DNS name resolution of member hostnames and of Infoblox servers that provide services to the appliance. The vulnerability requires the configuration of a domain name which resolves to a compromised server, or a successful man-in-the-middle attack during such name resolution, making this very difficult to exploit.
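As an added illustration of the trigger pattern described above (example code, not Infoblox's or glibc's own), the following defender-side check scans the DNS messages a client received and flags any transaction where a 2048+ byte response is followed by a second response with the same transaction ID. The message builder and sample traffic are constructed for the example.

```python
import struct
from typing import Iterable, List, Tuple

# The advisory describes the trigger as an oversized (2048+ byte) response
# followed by a second response to the same lookup.
OVERSIZED_RESPONSE_BYTES = 2048


def parse_dns_header(message: bytes) -> Tuple[int, bool]:
    """Return (transaction_id, is_response) from the 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", message[:4])
    return txid, bool(flags & 0x8000)  # QR bit set means a response


def find_oversized_followups(messages: Iterable[bytes]) -> List[int]:
    """Scan DNS messages in the order a client saw them and return the
    transaction IDs where a 2048+ byte response was followed by another
    response with the same ID. A new query reusing an ID resets its state."""
    awaiting_followup = set()
    flagged = []
    for msg in messages:
        txid, is_response = parse_dns_header(msg)
        if not is_response:
            awaiting_followup.discard(txid)
            continue
        if txid in awaiting_followup:
            flagged.append(txid)
            awaiting_followup.discard(txid)
        elif len(msg) >= OVERSIZED_RESPONSE_BYTES:
            awaiting_followup.add(txid)
    return flagged


def make_message(txid: int, is_response: bool, size: int) -> bytes:
    """Build a constructed DNS message of `size` bytes (header plus zero
    padding); sample input only, not real resolver traffic."""
    flags = 0x8180 if is_response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + b"\x00" * max(0, size - len(header))


# Constructed sample: lookup 0x1234 gets an oversized reply and then a second
# reply (the trigger pattern); lookup 0x5678 gets one normal-sized reply.
SAMPLE_MESSAGES = [
    make_message(0x1234, False, 40),
    make_message(0x1234, True, 2100),
    make_message(0x1234, True, 120),
    make_message(0x5678, False, 40),
    make_message(0x5678, True, 300),
]
```

Running `find_oversized_followups(SAMPLE_MESSAGES)` flags only transaction 0x1234; a single oversized reply with no follow-up is not flagged.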