CVE-2015-7547
Description
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)
glibc - 'getaddrinfo' Remote Stack Buffer Overflow
OS impact
Red Hat Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 7.0 | Affected | - |
SUSE Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 13.2 | Affected | - |
| 12 | Affected | - |
| 11.0 | Affected | - |
Ubuntu Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 15.10 | Affected | - |
| 14.04 | Affected | - |
| 12.04 | Affected | - |
Debian Mixed 6 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.21-8 |
| sid | Fixed | 2.21-8 |
| forky | Fixed | 2.21-8 |
| bullseye | Fixed | 2.21-8 |
| bookworm | Fixed | 2.21-8 |
| 8.0 | Affected | - |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | helion_openstack | 1.1.1 | |
| hp | helion_openstack | 2.0.0 | |
| hp | helion_openstack | 2.1.0 | |
| hp | server_migration_pack | 7.5 | |
| sophos | unified_threat_management_software | 9.319 | |
| sophos | unified_threat_management_software | 9.355 | |
| suse | linux_enterprise_debuginfo | 11.0 | |
| oracle | exalogic_infrastructure | 1.0 | |
| oracle | exalogic_infrastructure | 2.0 | |
| f5 | big-ip_access_policy_manager | 12.0.0 | |
| f5 | big-ip_advanced_firewall_manager | 12.0.0 | |
| f5 | big-ip_analytics | 12.0.0 | |
| f5 | big-ip_application_acceleration_manager | 12.0.0 | |
| f5 | big-ip_application_security_manager | 12.0.0 | |
| f5 | big-ip_domain_name_system | 12.0.0 | |
| f5 | big-ip_link_controller | 12.0.0 | |
| f5 | big-ip_local_traffic_manager | 12.0.0 | |
| f5 | big-ip_policy_enforcement_manager | 12.0.0 | |
| gnu | glibc | 2.9 | |
| gnu | glibc | 2.10 | |
| gnu | glibc | 2.10.1 | |
| gnu | glibc | 2.11 | |
| gnu | glibc | 2.11.1 | |
| gnu | glibc | 2.11.2 | |
| gnu | glibc | 2.11.3 | |
| gnu | glibc | 2.12 | |
| gnu | glibc | 2.12.1 | |
| gnu | glibc | 2.12.2 | |
| gnu | glibc | 2.13 | |
| gnu | glibc | 2.14 | |
| gnu | glibc | 2.14.1 | |
| gnu | glibc | 2.15 | |
| gnu | glibc | 2.16 | |
| gnu | glibc | 2.17 | |
| gnu | glibc | 2.18 | |
| gnu | glibc | 2.19 | |
| gnu | glibc | 2.20 | |
| gnu | glibc | 2.21 | |
| gnu | glibc | 2.22 | |
References
- http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
- http://marc.info/?l=bugtraq&m=145596041017029&w=2
- http://marc.info/?l=bugtraq&m=145672440608228&w=2
- http://marc.info/?l=bugtraq&m=145690841819314&w=2
- http://marc.info/?l=bugtraq&m=145857691004892&w=2
- http://marc.info/?l=bugtraq&m=146161017210491&w=2
- http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://rhn.redhat.com/errata/RHSA-2016-0175.html
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://rhn.redhat.com/errata/RHSA-2016-0225.html
- http://rhn.redhat.com/errata/RHSA-2016-0277.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://seclists.org/fulldisclosure/2021/Sep/0
CWEs
CWE-119