Glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

February 18, 2016

Summary

A remotely exploitable vulnerability has been found in glibc's client-side DNS resolver. The resolver is vulnerable when the glibc library function getaddrinfo() is used. Software that calls this function may be exploited remotely through attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack. [1] [2]

Impact

Attackers may be able to execute arbitrary code remotely by exploiting this vulnerability. Although exploitation is believed to be difficult because of modern operating system protections such as ASLR, not all permutations of this vulnerability have been explored. [3]

Because of the widespread usage of glibc, it is thought that thousands of different types of systems and devices may be vulnerable. 

Vulnerable

  • All versions of glibc since 2.9 are affected.
  • Systems using older versions of glibc are still strongly advised to upgrade.

Recommendations

  • Upgrade and patch glibc immediately. Consult your operating system, software, or hardware vendor for patches.
  • Links to patches for common Linux distributions are provided in the References section below. [4] [5] [6]
  • Those with the capability to patch glibc manually can find a patch provided by Google, Red Hat, and the glibc project team. [7]
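A host triage sketch for the recommendations above, added here as an example and not taken from the advisory or from any vendor: it checks whether the installed glibc falls in the affected range (2.9 or later) and lists processes that still map a glibc shared object replaced on disk, which keep running the old code until restarted. The function names are hypothetical; it assumes a Linux /proc layout and root privileges to read other users' maps files.

```shell
#!/bin/sh
# Added example: triage one host for CVE-2015-7547 (hypothetical helper names).

# Return 0 if version $1 (e.g. "2.17") is 2.9 or later, the affected range
# given in the advisory; 1 if it is older; 2 if the string cannot be parsed.
glibc_in_affected_range() {
    case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%[!0-9]*}
    case "$major" in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    # Compare numerically: as strings, "2.10" would sort before "2.9".
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 9 ]; }
}

# Print the PID of every process under $1 (default /proc) whose maps file
# lists a glibc object (libc, libresolv, libnss_dns) marked "(deleted)",
# meaning the file was replaced on disk after the process loaded it.
stale_glibc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(c|resolv|nss_dns)[-.][^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Scan the local host. The version number alone does not show whether a
# vendor patch has been applied, so an in-range result means "verify".
ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
if glibc_in_affected_range "$ver"; then
    echo "glibc $ver is in the affected range (>= 2.9): confirm the vendor fix is installed"
else
    echo "glibc version '${ver:-unknown}' is older than 2.9 or could not be determined"
fi
stale_glibc_pids | while read -r p; do
    echo "PID $p still maps a replaced glibc object: restart it after patching"
done
```

A process listed by the second check was started before the library files were replaced, so patching the package alone does not protect it.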

References