{"vuid":"VU#457759","idnumber":"457759","name":"glibc vulnerable to stack buffer overflow in DNS resolver","keywords":["glibc","dns","buffer overflow","stack","CWE-121"],"overview":"GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code.","clean_desc":"CWE-121: Stack-based Buffer Overflow - CVE-2015-7547 According to a Google security blog post: \"The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.\" According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9. All versions from 2.9 (originally released November 2008) to 2.22 appear to be affected. More details and analysis are available in the patch announcement from glibc developers.","impact":"The getaddrinfo() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.","resolution":"Apply an update A patch for glibc is available. Affected users should apply the patch as soon as possible. The patch will also be included as part of the upcoming glibc 2.23 release. The Vendor Status information below provides more information on updates.","workarounds":"","sysaffected":"Some embedded operating systems or older, no longer support","thanks":"This vulnerability was disclosed by Fermin J. Serna \nand \nKevin Stadmeyer \nof Google and \nFlorian Weimer and Carlos O’Donell of Red Hat. Goog\nle thanks: \"\nNeel Mehta, Thomas Garnier, Gynvael Coldwind, Michael Schaller, Tom Payne, Michael Haro, Damian Menscher, Matt Brown, Yunhong Gu, Florian Weimer, Carlos O’Donell and the rest of the glibc team for their help figuring out all details about this bug, exploitation, and patch development.","author":"This document was written by Garret Wassermann.","public":["https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html","https://sourceware.org/bugzilla/show_bug.cgi?id=18665","https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html","https://sourceware.org/glibc/wiki/Glibc%20Timeline"],"cveids":["CVE-2015-7547"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-02-16T17:45:53Z","publicdate":"2016-02-16T00:00:00Z","datefirstpublished":"2016-02-17T18:46:30Z","dateupdated":"2016-03-14T14:25:57Z","revision":52,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"TF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.1","cvss_environmentalscore":"8.0955407232","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}