ID CVE-2015-7547
Summary Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • cpe:2.3:a:hp:helion_openstack:1.1.1
    cpe:2.3:a:hp:helion_openstack:1.1.1
  • cpe:2.3:a:hp:helion_openstack:2.0.0
    cpe:2.3:a:hp:helion_openstack:2.0.0
  • cpe:2.3:a:hp:helion_openstack:2.1.0
    cpe:2.3:a:hp:helion_openstack:2.1.0
  • cpe:2.3:a:hp:server_migration_pack:7.5
    cpe:2.3:a:hp:server_migration_pack:7.5
  • Sophos Unified Threat Management (UTM) Software 9.319
    cpe:2.3:a:sophos:unified_threat_management_software:9.319
  • Sophos Unified Threat Management (UTM) Software 9.355
    cpe:2.3:a:sophos:unified_threat_management_software:9.355
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp2
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp3
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11.0:sp4
  • Novell openSUSE 13.2
    cpe:2.3:o:novell:opensuse:13.2
  • cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3
    cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp3
  • cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4
    cpe:2.3:o:suse:linux_enterprise_desktop:11.0:sp4
  • SUSE Linux Enterprise Desktop 12
    cpe:2.3:o:suse:linux_enterprise_desktop:12
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1
    cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1
  • cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:-:-:lts
    cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:-:-:lts
  • cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3
    cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3
  • cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:-:-:-:vmware
    cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:-:-:-:vmware
  • cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4
    cpe:2.3:o:suse:linux_enterprise_server:11.0:sp4
  • SUSE Linux Enterprise Server 12
    cpe:2.3:o:suse:linux_enterprise_server:12
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp1
    cpe:2.3:o:suse:linux_enterprise_server:12:sp1
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp3
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4
  • SUSE Linux Enterprise Software Development Kit (SDK) 12
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1
  • Oracle Exalogic Infrastructure 1.0
    cpe:2.3:a:oracle:exalogic_infrastructure:1.0
  • Oracle Exalogic Infrastructure 2.0
    cpe:2.3:a:oracle:exalogic_infrastructure:2.0
  • F5 BIG-IP Access Policy Manager (APM) 12.0.0
    cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0
  • F5 BIG-IP Advanced Firewall Manager (AFM) 12.0.0
    cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0
  • F5 BIG-IP Analytics 12.0.0
    cpe:2.3:a:f5:big-ip_analytics:12.0.0
  • F5 BIG-IP Application Acceleration Manager (AAM) 12.0.0
    cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0
  • F5 BIG-IP Application Security Manager (ASM) 12.0.0
    cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0
  • F5 BIG-IP Domain Name System 12.0.0
    cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0
  • F5 BIG-IP Link Controller 12.0.0
    cpe:2.3:a:f5:big-ip_link_controller:12.0.0
  • F5 BIG-IP Local Traffic Manager (LTM) 12.0.0
    cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0
  • F5 BIG-IP Policy Enforcement Manager (PEM) 12.0.0
    cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0
  • Oracle Fujitsu M10 Firmware 2290
    cpe:2.3:o:oracle:fujitsu_m10_firmware:2290
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • Red Hat Enterprise Linux HPC Node EUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server AUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2
  • Red Hat Enterprise Linux Server EUS 7.2
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • GNU glibc 2.9
    cpe:2.3:a:gnu:glibc:2.9
  • GNU glibc 2.10
    cpe:2.3:a:gnu:glibc:2.10
  • GNU glibc 2.10.1
    cpe:2.3:a:gnu:glibc:2.10.1
  • GNU glibc 2.11
    cpe:2.3:a:gnu:glibc:2.11
  • GNU glibc 2.11.1
    cpe:2.3:a:gnu:glibc:2.11.1
  • GNU glibc 2.11.2
    cpe:2.3:a:gnu:glibc:2.11.2
  • GNU glibc 2.11.3
    cpe:2.3:a:gnu:glibc:2.11.3
  • GNU glibc 2.12
    cpe:2.3:a:gnu:glibc:2.12
  • GNU glibc 2.12.1
    cpe:2.3:a:gnu:glibc:2.12.1
  • GNU glibc 2.12.2
    cpe:2.3:a:gnu:glibc:2.12.2
  • GNU glibc 2.13
    cpe:2.3:a:gnu:glibc:2.13
  • GNU glibc 2.14
    cpe:2.3:a:gnu:glibc:2.14
  • GNU glibc 2.14.1
    cpe:2.3:a:gnu:glibc:2.14.1
  • GNU glibc 2.15
    cpe:2.3:a:gnu:glibc:2.15
  • GNU glibc 2.16
    cpe:2.3:a:gnu:glibc:2.16
  • GNU glibc 2.17
    cpe:2.3:a:gnu:glibc:2.17
  • GNU glibc 2.18
    cpe:2.3:a:gnu:glibc:2.18
  • GNU glibc 2.19
    cpe:2.3:a:gnu:glibc:2.19
  • GNU glibc 2.20
    cpe:2.3:a:gnu:glibc:2.20
  • GNU glibc 2.21
    cpe:2.3:a:gnu:glibc:2.21
  • GNU glibc 2.22
    cpe:2.3:a:gnu:glibc:2.22
CVSS
Base: 6.8 (as of 05-08-2016 - 10:21)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like an MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
  • description glibc - getaddrinfo Stack-Based Buffer Overflow. CVE-2015-7547. DoS exploit for Linux platform
    file exploits/linux/dos/39454.txt
    id EDB-ID:39454
    last seen 2016-02-21
    modified 2016-02-16
    platform linux
    port
    published 2016-02-16
    reporter Google Security Research
    source https://www.exploit-db.com/download/39454/
    title glibc - getaddrinfo Stack-Based Buffer Overflow
    type dos
  • description glibc - getaddrinfo Stack Based Buffer Overflow. CVE-2015-7547. Remote exploit for Linux platform
    file exploits/linux/remote/40339.py
    id EDB-ID:40339
    last seen 2016-09-06
    modified 2016-09-06
    platform linux
    port
    published 2016-09-06
    reporter SpeeDr00t
    source https://www.exploit-db.com/download/40339/
    title glibc - getaddrinfo Stack Based Buffer Overflow
    type remote
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3481.NASL
    description Several vulnerabilities have been fixed in the GNU C Library, glibc. The first vulnerability listed below is considered to have critical impact. - CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services. - CVE-2015-8776 Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known. - CVE-2015-8778 Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time. - CVE-2015-8779 The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known. While it is only necessary to ensure that all processes are not using the old glibc anymore, it is recommended to reboot the machines after applying the security upgrade.
    last seen 2018-09-01
    modified 2017-01-27
    plugin id 88768
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88768
    title Debian DSA-3481-1 : glibc - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160216_GLIBC_ON_SL6_X.NASL
    description A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This update also fixes the following bugs : - The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly. - A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application.
    last seen 2018-09-01
    modified 2017-01-27
    plugin id 88797
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88797
    title Scientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-653.NASL
    description A stack-based buffer overflow flaw was found in the send_dg() and send_vc() functions, used by getaddrinfo() and other higher-level interfaces of glibc. A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
    last seen 2018-09-02
    modified 2018-04-19
    plugin id 88756
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88756
    title Amazon Linux AMI : glibc (ALAS-2016-653)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3480.NASL
    description Several vulnerabilities have been fixed in the GNU C Library, eglibc. The CVE-2015-7547 vulnerability listed below is considered to have critical impact. - CVE-2014-8121 Robin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lookups. This could cause the enumeration to enter an endless loop, leading to a denial of service. - CVE-2015-1781 Arjun Shankar discovered that the _r variants of host name resolution functions (like gethostbyname_r), when performing DNS name resolution, suffered from a buffer overflow if a misaligned buffer was supplied by the applications, leading to a crash or, potentially, arbitrary code execution. Most applications are not affected by this vulnerability because they use aligned buffers. - CVE-2015-7547 The Google Security Team and Red Hat discovered that the eglibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services. - CVE-2015-8776 Adam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known. - CVE-2015-8777 Hector Marco-Gisbert reported that LD_POINTER_GUARD was not ignored for SUID programs, enabling an unintended bypass of a security feature. This update causes eglibc to always ignore the LD_POINTER_GUARD environment variable. - CVE-2015-8778 Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time.
- CVE-2015-8779 The catopen function contains several unbound stack allocations (stack overflows), causing it to crash the process (denial of service). No applications where this issue has a security impact are currently known. The following fixed vulnerabilities currently lack CVE assignment : - Joseph Myers reported that an integer overflow in strxfrm can lead to a heap-based buffer overflow, possibly allowing arbitrary code execution. In addition, a fallback path in strxfrm uses an unbounded stack allocation (stack overflow), leading to a crash or erroneous application behavior. - Kostya Serebryany reported that the fnmatch function could skip over the terminating NUL character of a malformed pattern, causing an application calling fnmatch to crash (denial of service). - Joseph Myers reported that the IO_wstr_overflow function, internally used by wide-oriented character streams, suffered from an integer overflow, leading to a heap-based buffer overflow. On GNU/Linux systems, wide-oriented character streams are rarely used, and no affected applications are known. - Andreas Schwab reported a memory leak (memory allocation without a matching deallocation) while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function. This vulnerability could lead to a denial of service. While it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88767
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88767
    title Debian DSA-3480-1 : eglibc - security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0175.NASL
    description Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. This update also fixes the following bugs : * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). 
The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-02
    modified 2018-07-13
    plugin id 88757
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88757
    title CentOS 6 : glibc (CESA-2016:0175)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0176.NASL
    description Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the 'free' function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. 
With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of 'madvise' system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the 'mallopt' function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930) * On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error 'monstartup: out of memory'. The bug has been corrected and applications compiled for profiling now start correctly. (BZ#1298956) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-01
    modified 2018-07-13
    plugin id 88758
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88758
    title CentOS 7 : glibc (CESA-2016:0176)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0277.NASL
    description Updated rhev-hypervisor packages that fix one security issue are now available. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to these updated packages.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88889
    published 2016-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88889
    title RHEL 6 : rhev-hypervisor (RHSA-2016:0277)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0176.NASL
    description From Red Hat Security Advisory 2016:0176 : Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the 'free' function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. 
With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of 'madvise' system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the 'mallopt' function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930) * On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error 'monstartup: out of memory'. The bug has been corrected and applications compiled for profiling now start correctly. (BZ#1298956) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-01
    modified 2018-07-25
    plugin id 88777
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88777
    title Oracle Linux 7 : glibc (ELSA-2016-0176)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201602-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). The strftime() function accesses invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. Impact : A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. Workaround : A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
    last seen 2018-09-01
    modified 2017-01-27
    plugin id 88822
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88822
    title GLSA-201602-02 : GNU C Library: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-234.NASL
    description This update for glibc fixes the following security issues : - fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo(), known as CVE-2015-7547. It is a client side networked/remote vulnerability.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88878
    published 2016-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88878
    title openSUSE Security Update : glibc (openSUSE-2016-234)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0480DEFC94.NASL
    description This update addresses a critical security vulnerability in the DNS resolver related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547). It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves `malloc` scalability for applications which start and terminate many threads. The output of `locale -a` is now ASCII-only (previously, it contained ISO-8859-1 characters). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2017-01-30
    plugin id 89473
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89473
    title Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2DD7E97ED5E811E5BCBDBC5FF45D0F28.NASL
    description Fabio Olive Leite reports : A stack-based buffer overflow was found in libresolv when invoked from nss_dns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by __res_nquery.
    last seen 2018-09-01
    modified 2017-01-27
    plugin id 88817
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88817
    title FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-416.NASL
    description Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc : CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services. The following fixed vulnerabilities currently lack CVE assignment : Andreas Schwab reported a memory leak (memory allocation without a matching deallocation) while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function. This vulnerability could lead to a denial of service. For Debian 6 'Squeeze', these issues have been fixed in eglibc version eglibc_2.11.3-4+deb6u11. In addition, this version corrects the fix for CVE-2014-9761 in Squeeze, which had wrongly marked a few symbols as public instead of private. While it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade. We recommend that you upgrade your eglibc packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-13
    plugin id 88764
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88764
    title Debian DLA-416-1 : eglibc security update
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0051.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update newmode size to fix a possible corruption - Fix AF_INET6 getaddrinfo with nscd (#1416496) - Update tests for struct sockaddr_storage changes (#1338673) - Use FL_CLOEXEC in internal calls to fopen (#1012343). - Fix CVE-2015-8779 glibc: Unbounded stack allocation in catopen function (#1358015). - Make padding in struct sockaddr_storage explicit (#1338673) - Fix detection of Intel FMA hardware (#1384281). - Add support for, ur_IN, and wal_ET locales (#1101858). - Change malloc/tst-malloc-thread-exit.c to use fewer threads and avoid timeout (#1318380). - df can fail on some systems (#1307029). - Log uname, cpuinfo, meminfo during build (#1307029). - Draw graphs for heap and stack only if MAXSIZE_HEAP and MAXSIZE_STACK are non-zero (#1331304). - Avoid unneeded calls to __check_pf in getaddrinfo (#1270950) - Fix CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r (#1358013). - Fix CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime (#1358011). - tzdata-update: Ignore umask setting (#1373646) - CVE-2014-9761: Fix unbounded stack allocation in nan* (#1358014) - Avoid using uninitialized data in getaddrinfo (#1223095) - Update fix for CVE-2015-7547 (#1296029). - Create helper threads with enough stack for POSIX AIO and timers (#1299319). - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296029). - Update malloc free_list cyclic fix (#1264189). - Update tzdata-update changes (#1200555). - Avoid redundant shift character in iconv output at block boundary (#1293914). - Clean up testsuite results when testing with newer kernels (#1293464). - Do not rewrite /etc/localtime if it is a symbolic link. (#1200555) - Support long lines in /etc/hosts (#1020263). - Avoid aliasing warning in tst-rec-dlopen (#1291444) - Don't touch user-controlled stdio locks in forked child (#1275384).
- Increase the limit of shared libraries that can use static TLS (#1198802). - Avoid PLT in libm for feupdateenv (#1186104). - Allow PLT entry in libc for _Unwind_Find_FDE on s390/s390x (#1186104). - Provide /etc/gai.conf only in the glibc package. (#1223818) - Change first day of the week to Monday for the ca_ES locale. (#1011900) - Update BIG5-HKSCS charmap to HKSCS-2008. (#1211748) - Rename Oriya locale to Odia. (#1091334) - Avoid hang in gethostbyname_r due to missing mutex unlocking (#1192621) - Avoid ld.so crash when audit modules provide path (#1211098) - Suppress expected backtrace in tst-malloc-backtrace (#1276633) - Avoid PLT for memmem (#1186104). - Fix up a missing dependency in the Makefile (#1219627). - Reduce lock contention in __tz_convert (#1244585). - Prevent the malloc arena free list from becoming cyclic (#1264189) - Remove legacy IA64 support (#1246145). - Check for NULL arena pointer in _int_pvalloc (#1246656). - Don't change no_dyn_threshold on mallopt failure (#1246660). - Unlock main arena after allocation in calloc (#1245731). - Enable robust malloc change again (#1245731). - Fix perturbing in malloc on free and simply perturb_byte (#1245731). - Don't fall back to mmap prematurely (#1245731). - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1243824).
    last seen 2018-09-01
    modified 2018-07-25
    plugin id 99078
    published 2017-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99078
    title OracleVM 3.3 / 3.4 : glibc (OVMSA-2017-0051)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0F9E9A34CE.NASL
    description This update addresses a critical security vulnerability in the DNS resolver related to `AF_UNSPEC` queries with `getaddrinfo` (CVE-2015-7547). In addition, a bug that causes Hesiod lookups to fail with a crash is fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2017-01-30
    plugin id 89476
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89476
    title Fedora 23 : glibc-2.22-9.fc23 (2016-0f9e9a34ce)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2016-0002.NASL
    description a. glibc update for multiple products. The glibc library has been updated in multiple products to resolve a stack-based buffer overflow present in the glibc getaddrinfo function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-7547. VMware products have been grouped into the following four categories : I) ESXi and ESX Hypervisor Versions of ESXi and ESX prior to 5.5 are not affected because they do not ship with a vulnerable version of glibc. ESXi 5.5 and ESXi 6.0 ship with a vulnerable version of glibc and are affected. See table 1 for remediation for ESXi 5.5 and ESXi 6.0. II) Windows-based products Windows-based products, including all versions of vCenter Server running on Windows, are not affected. III) VMware virtual appliances VMware virtual appliances ship with a vulnerable version of glibc and are affected. See table 2 for remediation for appliances. IV) Products that run on Linux VMware products that run on Linux (excluding virtual appliances) might use a vulnerable version of glibc as part of the base operating system. If the operating system has a vulnerable version of glibc, VMware recommends that customers contact their operating system vendor for resolution. WORKAROUND Workarounds are available for several virtual appliances. These are documented in VMware KB article 2144032. RECOMMENDATIONS VMware recommends customers evaluate and deploy patches for affected products in Table 1 and 2 below as these patches become available. In case patches are not available, customers are advised to deploy the workaround. Column 4 of the following tables lists the action required to remediate the vulnerability in each release, if a solution is available.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88954
    published 2016-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88954
    title VMSA-2016-0002 : VMware product updates address a critical glibc security vulnerability
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0472-1.NASL
    description This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code. (bsc#962739) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88833
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88833
    title SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2016:0472-1)
  • NASL family Misc.
    NASL id ARISTA_EOS_SA0017.NASL
    description The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the send_dg() and send_vc() functions, when handling DNS responses that trigger a call to the getaddrinfo() function with the AF_UNSPEC or AF_INET6 address family. An unauthenticated, remote attacker can exploit these issues, via a specially crafted DNS response, to cause a denial of service condition or the execution of arbitrary code.
    last seen 2018-09-01
    modified 2018-08-09
    plugin id 107059
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107059
    title Arista Networks EOS libresolv Overflow RCE (SA0017)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2016-0002_REMOTE.NASL
    description The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library (glibc) DNS client-side resolver due to improper validation of user-supplied input when looking up names via the getaddrinfo() function. An attacker can exploit this to execute arbitrary code by using an attacker-controlled domain name, an attacker-controlled DNS server, or through a man-in-the-middle attack.
    last seen 2018-09-02
    modified 2018-08-06
    plugin id 88906
    published 2016-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88906
    title ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0470-1.NASL
    description This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code. (bsc#962739) - CVE-2013-2207: pt_chown tricked into granting access to another user's pseudo-terminal (bsc#830257) - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with AF_INET6 (bsc#847227) - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187) - bsc#920338: Read past end of pattern in fnmatch - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88831
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88831
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2016:0470-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0013.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update fix for CVE-2015-7547 (#1296028). - Create helper threads with enough stack for POSIX AIO and timers (#1301625). - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028). - Support loading more libraries with static TLS (#1291270). - Check for NULL arena pointer in _int_pvalloc (#1256890). - Don't change no_dyn_threshold on mallopt failure (#1256891). - Unlock main arena after allocation in calloc (#1256812). - Enable robust malloc change again (#1256812). - Fix perturbing in malloc on free and simply perturb_byte (#1256812). - Don't fall back to mmap prematurely (#1256812). - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002). - Fix ruserok check to reject, not skip, negative user checks (#1217186). - Optimize ruserok function for large ~/.rhosts (#1217186). - Fix crash in valloc due to the backtrace deadlock fix (#1207236). - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781). - Avoid deadlock in malloc on backtrace (#1066724). - Support running applications that use Intel AVX-512 (#1195453). - Silence logging of record type mismatch for DNSSEC records (#1088301). - Shrink heap on free when vm.overcommit_memory == 2 (#867679). - Enhance nscd to detect any configuration file changes (#859965). - Fix __times handling of EFAULT when buf is NULL (#1124204). - Fix memory leak with dlopen and thread-local storage variables (#978098). - Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423, - Implement userspace half of in6.h header coordination (#1053178). - Correctly size relocation cache used by profiler (#1144132). - Fix reuse of cached stack leading to bounds overrun of DTV (#1116050). - Return failure in getnetgrent only when all netgroups have been searched (#1085312).
- Fix valgrind warning in nscd_stats (#1091915). - Initialize xports array (#1159167). - Fix tst-default-attr test to not fail on powerpc (#1023306). - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534). - Fix typo in nscd/selinux.c (#1125307). - Actually run test-iconv modules (#1176907). - Fix recursive dlopen (#1154563). - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044). - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296). - Fix typo in res_send and res_query (#rh1138769).
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 88783
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88783
    title OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0175.NASL
    description From Red Hat Security Advisory 2016:0175 : Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. This update also fixes the following bugs : * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). 
The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-02
    modified 2018-07-25
    plugin id 88776
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88776
    title Oracle Linux 6 : glibc (ELSA-2016-0175)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-233.NASL
    description This update for glibc fixes the following issues : - errorcheck-mutex-no-elision.patch: Don't do lock elision on an error checking mutex (boo#956716, BZ #17514) - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock on fork (boo#958315, BZ #19282) - send-dg-buffer-overflow.patch: Fix getaddrinfo stack-based buffer overflow (CVE-2015-7547, boo#961721, BZ #18665) - strftime-range-check.patch: Add range check on time fields (CVE-2015-8776, boo#962736, BZ #18985) - hcreate-overflow-check.patch: Handle overflow in hcreate (CVE-2015-8778, boo#962737, BZ #18240) - refactor-nan-parsing.patch: Refactor strtod parsing of NaN payloads (CVE-2014-9761, boo#962738, BZ #16962) - catopen-unbound-alloca.patch: Fix unbound alloca in catopen (CVE-2015-8779, boo#962739, BZ #17905)
    last seen 2018-09-01
    modified 2017-01-27
    plugin id 88855
    published 2016-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88855
    title openSUSE Security Update : glibc (openSUSE-2016-233)
  • NASL family CISCO
    NASL id CISCO-CSCUY36553-NXOS.NASL
    description The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability in the bundled version of the GNU C Library (glibc) due to a stack-based buffer overflow condition in the DNS resolver. An unauthenticated, remote attacker can exploit this, via a crafted DNS response that triggers a call to the getaddrinfo() function, to cause a denial of service condition or the execution of arbitrary code.
    last seen 2018-09-02
    modified 2018-08-09
    plugin id 93480
    published 2016-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93480
    title Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0176.NASL
    description Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the 'free' function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. 
With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of 'madvise' system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the 'mallopt' function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930) * On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error 'monstartup: out of memory'. The bug has been corrected and applications compiled for profiling now start correctly. (BZ#1298956) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88785
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88785
    title RHEL 7 : glibc (RHSA-2016:0176)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-224.NASL
    description This update for glibc fixes the following security issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code. (bsc#962739) The following non-security bugs were fixed : - bsc#955647: Resource leak in resolver - bsc#956716: Don't do lock elision on an error checking mutex - bsc#958315: Reinitialize dl_load_write_lock on fork This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88829
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88829
    title openSUSE Security Update : glibc (openSUSE-2016-224)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160216_GLIBC_ON_SL7_X.NASL
    description A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) This update also fixes the following bugs : - The existing implementation of the 'free' function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of 'madvise' system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the 'mallopt' function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. - On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error 'monstartup: out of memory'. The bug has been corrected and applications compiled for profiling now start correctly.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88798
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88798
    title Scientific Linux Security Update : glibc on SL7.x x86_64
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2016-054-02.NASL
    description New glibc packages are available for Slackware 14.1 and -current to fix security issues.
    last seen 2018-09-02
    modified 2017-01-27
    plugin id 88910
    published 2016-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88910
    title Slackware 14.1 / current : glibc (SSA:2016-054-02)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL47098834.NASL
    description Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing 'dual A/AAAA DNS queries' and the libnss_dns.so.2 NSS module. (CVE-2015-7547)
    last seen 2018-09-01
    modified 2018-07-13
    plugin id 88769
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88769
    title F5 Networks BIG-IP : glibc vulnerability (K47098834)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0471-1.NASL
    description This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses (bsc#961721) - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment variable allowed local attackers to bypass the pointer guarding protection of the dynamic loader on set-user-ID and set-group-ID programs (bsc#950944) - CVE-2015-8776: Out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclose information (bsc#962736) - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have caused an out-of-bound memory access, leading to application crashes or, potentially, arbitrary code execution (bsc#962737) - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (bsc#962738) - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen function could have caused applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code. (bsc#962739) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88832
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88832
    title SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:0471-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0175.NASL
    description Updated glibc packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. This update also fixes the following bugs : * The dynamic loader has been enhanced to allow the loading of more shared libraries that make use of static thread local storage. While static thread local storage is the fastest access mechanism it may also prevent the shared library from being loaded at all since the static storage space is a limited and shared process-global resource. Applications which would previously fail with 'dlopen: cannot load any more object with static TLS' should now start up correctly. (BZ#1291270) * A bug in the POSIX realtime support would cause asynchronous I/O or certain timer API calls to fail and return errors in the presence of large thread-local storage data that exceeded PTHREAD_STACK_MIN in size (generally 16 KiB). The bug in librt has been corrected and the impacted APIs no longer return errors when large thread-local storage data is present in the application. (BZ#1301625) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88784
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88784
    title RHEL 6 : glibc (RHSA-2016:0175)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0225.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) This issue was discovered by the Google Security Team and Red Hat. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88793
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88793
    title RHEL 6 / 7 : glibc (RHSA-2016:0225)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2900-1.NASL
    description It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-07
    modified 2018-09-06
    plugin id 88806
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88806
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerability (USN-2900-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/138601/glibcgetaddrinfo-overflow.txt
id PACKETSTORM:138601
last seen 2016-12-05
published 2016-09-06
reporter jang kyoungchip
source https://packetstormsecurity.com/files/138601/glibc-getaddrinfo-Stack-Buffer-Overflow.html
title glibc getaddrinfo Stack Buffer Overflow
redhat via4
advisories
  • bugzilla
    id 1293532
    title CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment glibc is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175015
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment glibc-common is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175017
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-devel is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175009
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-headers is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175005
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
      • AND
        • comment glibc-static is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175007
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-utils is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175011
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment nscd is earlier than 0:2.12-1.166.el6_7.7
          oval oval:com.redhat.rhsa:tst:20160175013
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2016:0175
    released 2016-02-16
    severity Critical
    title RHSA-2016:0175: glibc security and bug fix update (Critical)
  • bugzilla
    id 1298956
    title on PPC64LE [rhel-7.2.z]
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment glibc is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176009
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment glibc-common is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176011
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-devel is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176017
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-headers is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176005
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
      • AND
        • comment glibc-static is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176007
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-utils is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176013
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment nscd is earlier than 0:2.17-106.el7_2.4
          oval oval:com.redhat.rhsa:tst:20160176015
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2016:0176
    released 2016-02-16
    severity Critical
    title RHSA-2016:0176: glibc security and bug fix update (Critical)
  • rhsa
    id RHSA-2016:0225
  • rhsa
    id RHSA-2016:0277
rpms
  • glibc-0:2.12-1.166.el6_7.7
  • glibc-common-0:2.12-1.166.el6_7.7
  • glibc-devel-0:2.12-1.166.el6_7.7
  • glibc-headers-0:2.12-1.166.el6_7.7
  • glibc-static-0:2.12-1.166.el6_7.7
  • glibc-utils-0:2.12-1.166.el6_7.7
  • nscd-0:2.12-1.166.el6_7.7
  • glibc-0:2.17-106.el7_2.4
  • glibc-common-0:2.17-106.el7_2.4
  • glibc-devel-0:2.17-106.el7_2.4
  • glibc-headers-0:2.17-106.el7_2.4
  • glibc-static-0:2.17-106.el7_2.4
  • glibc-utils-0:2.17-106.el7_2.4
  • nscd-0:2.17-106.el7_2.4
refmap via4
bid 83265
cert-vn VU#457759
confirm
debian
  • DSA-3480
  • DSA-3481
fedora
  • FEDORA-2016-0480defc94
  • FEDORA-2016-0f9e9a34ce
gentoo GLSA-201602-02
hp
  • HPSBGN03442
  • HPSBGN03547
  • HPSBGN03549
  • HPSBGN03551
  • HPSBGN03582
misc
mlist [libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
sectrack 1035020
suse
  • SUSE-SU-2016:0470
  • SUSE-SU-2016:0471
  • SUSE-SU-2016:0472
  • SUSE-SU-2016:0473
  • openSUSE-SU-2016:0510
  • openSUSE-SU-2016:0511
  • openSUSE-SU-2016:0512
ubuntu USN-2900-1
the hacker news via4
id THN:ACBFC80659E47A5B7C81B99570749679
last seen 2018-01-27
modified 2016-02-17
published 2016-02-16
reporter Swati Khandelwal
source https://thehackernews.com/2016/02/glibc-linux-flaw.html
title Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)
vmware via4
description The glibc library has been updated in multiple products to resolve a stack buffer overflow present in the glibc getaddrinfo function.
id VMSA-2016-0002
last_updated 2016-02-23T00:00:00
published 2016-02-22T00:00:00
title VMware product updates address a critical glibc security vulnerability
workaround None
Last major update 16-02-2017 - 21:59
Published 18-02-2016 - 16:59
Last modified 18-01-2018 - 13:18