First published: Thu Jan 29 2015(Updated: )
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Enterprise Linux Server | =6.5 | |
Ubuntu | =10.04 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Ubuntu | =14.10 | |
SUSE Linux | =13.1 | |
SUSE Linux | =13.2 | |
GNU C Library (glibc) | <2.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-7423 has a medium severity rating due to its potential to allow remote attackers to send DNS queries to unintended locations.
To mitigate CVE-2013-7423, update the GNU C Library to version 2.20 or later as recommended by your operating system vendor.
CVE-2013-7423 affects various versions of the GNU C Library and several Linux distributions including Red Hat Enterprise Linux 6.5 and multiple versions of Ubuntu and openSUSE.
CVE-2013-7423 enables remote attackers to exploit file descriptor reuse issues in DNS queries, leading to potential information leakage.
While CVE-2013-7423 has been addressed in later versions of software, systems running affected versions remain vulnerable if not updated.