CVE-2015-7547: Buffer Overflow
First published: Tue Dec 22 2015(Updated: )
A stack-based buffer overflow was found in libresolv when invoked from nss_dns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by __res_nquery.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =8.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.10 | |
| Hp Helion Openstack | =1.1.1 | |
| Hp Helion Openstack | =2.0.0 | |
| Hp Helion Openstack | =2.1.0 | |
| Hp Server Migration Pack | =7.5 | |
| Sophos Unified Threat Management Software | =9.319 | |
| Sophos Unified Threat Management Software | =9.355 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp2 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp3 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp4 | |
| openSUSE openSUSE | =13.2 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =11.0-sp4 | |
| SUSE Linux Enterprise Desktop | =12 | |
| SUSE Linux Enterprise Desktop | =12-sp1 | |
| SUSE Linux Enterprise Server | =11.0-sp2 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| Suse Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp4 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
| SUSE SUSE Linux Enterprise Server | =12 | |
| Oracle Exalogic Infrastructure | =1.0 | |
| Oracle Exalogic Infrastructure | =2.0 | |
| F5 BIG-IP Access Policy Manager | =12.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | =12.0.0 | |
| F5 BIG-IP Analytics | =12.0.0 | |
| F5 Big-ip Application Acceleration Manager | =12.0.0 | |
| F5 BIG-IP Application Security Manager | =12.0.0 | |
| F5 Big-ip Domain Name System | =12.0.0 | |
| F5 Big-ip Link Controller | =12.0.0 | |
| F5 Big-ip Local Traffic Manager | =12.0.0 | |
| F5 Big-ip Policy Enforcement Manager | =12.0.0 | |
| Oracle Fujitsu M10 Firmware | <=2290 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Hpc Node | =7.0 | |
| Redhat Enterprise Linux Hpc Node Eus | =7.2 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.2 | |
| Redhat Enterprise Linux Server Eus | =7.2 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| GNU glibc | =2.9 | |
| GNU glibc | =2.10 | |
| GNU glibc | =2.10.1 | |
| GNU glibc | =2.11 | |
| GNU glibc | =2.11.1 | |
| GNU glibc | =2.11.2 | |
| GNU glibc | =2.11.3 | |
| GNU glibc | =2.12 | |
| GNU glibc | =2.12.1 | |
| GNU glibc | =2.12.2 | |
| GNU glibc | =2.13 | |
| GNU glibc | =2.14 | |
| GNU glibc | =2.14.1 | |
| GNU glibc | =2.15 | |
| GNU glibc | =2.16 | |
| GNU glibc | =2.17 | |
| GNU glibc | =2.18 | |
| GNU glibc | =2.19 | |
| GNU glibc | =2.20 | |
| GNU glibc | =2.21 | |
| GNU glibc | =2.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/articles/2161461
- https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=18665
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1308943
- https://rhn.redhat.com/errata/RHSA-2016-0175.html
- https://rhn.redhat.com/errata/RHSA-2016-0225.html
- https://rhn.redhat.com/errata/RHSA-2016-0176.html
- https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=18665
- https://access.redhat.com/security/cve/CVE-2015-0235
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1293532#c24
- https://rhn.redhat.com/errata/RHSA-2016-0277.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1293532
- http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
- http://marc.info/?l=bugtraq&m=145596041017029&w=2
- http://marc.info/?l=bugtraq&m=145672440608228&w=2
- http://marc.info/?l=bugtraq&m=145690841819314&w=2
- http://marc.info/?l=bugtraq&m=145857691004892&w=2
- http://marc.info/?l=bugtraq&m=146161017210491&w=2
- http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://rhn.redhat.com/errata/RHSA-2016-0175.html
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://rhn.redhat.com/errata/RHSA-2016-0225.html
- http://rhn.redhat.com/errata/RHSA-2016-0277.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://seclists.org/fulldisclosure/2021/Sep/0
- http://seclists.org/fulldisclosure/2022/Jun/36
- http://support.citrix.com/article/CTX206991
- http://ubuntu.com/usn/usn-2900-1
- http://www.debian.org/security/2016/dsa-3480
- http://www.debian.org/security/2016/dsa-3481
- http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/83265
- http://www.securitytracker.com/id/1035020
- http://www.vmware.com/security/advisories/VMSA-2016-0002.html
- https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa114
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
- https://kc.mcafee.com/corporate/index?page=content&id=SB10150
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://security.netapp.com/advisory/ntap-20160217-0002/
- https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
- https://support.lenovo.com/us/en/product_security/len_5450
- https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17
- https://www.exploit-db.com/exploits/39454/
- https://www.exploit-db.com/exploits/40339/
- https://www.kb.cert.org/vuls/id/457759
- https://www.tenable.com/security/research/tra-2017-08
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/remedy
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7547
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.10
- vendor/hp
- canonical/hp helion openstack
- version/hp helion openstack/1.1.1
- version/hp helion openstack/2.0.0
- version/hp helion openstack/2.1.0
- canonical/hp server migration pack
- version/hp server migration pack/7.5
- vendor/sophos
- canonical/sophos unified threat management software
- version/sophos unified threat management software/9.319
- version/sophos unified threat management software/9.355
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11.0-sp2
- version/suse linux enterprise debuginfo/11.0-sp3
- version/suse linux enterprise debuginfo/11.0-sp4
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.2
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/11.0-sp4
- version/suse linux enterprise desktop/12
- version/suse linux enterprise desktop/12-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11.0-sp2
- version/suse linux enterprise server/11.0-sp3
- version/suse linux enterprise server/11.0-sp4
- version/suse linux enterprise server/12-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- version/suse linux enterprise software development kit/11.0-sp4
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12-sp1
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/12
- vendor/oracle
- canonical/oracle exalogic infrastructure
- version/oracle exalogic infrastructure/1.0
- version/oracle exalogic infrastructure/2.0
- vendor/f5
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/12.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/12.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/12.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/12.0.0
- canonical/f5 big-ip application security manager
- version/f5 big-ip application security manager/12.0.0
- canonical/f5 big-ip domain name system
- version/f5 big-ip domain name system/12.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/12.0.0
- canonical/f5 big-ip local traffic manager
- version/f5 big-ip local traffic manager/12.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/12.0.0
- canonical/oracle fujitsu m10 firmware
- version/oracle fujitsu m10 firmware/2290
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux hpc node
- version/redhat enterprise linux hpc node/7.0
- canonical/redhat enterprise linux hpc node eus
- version/redhat enterprise linux hpc node eus/7.2
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.2
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- vendor/gnu
- canonical/gnu glibc
- version/gnu glibc/2.9
- version/gnu glibc/2.10
- version/gnu glibc/2.10.1
- version/gnu glibc/2.11
- version/gnu glibc/2.11.1
- version/gnu glibc/2.11.2
- version/gnu glibc/2.11.3
- version/gnu glibc/2.12
- version/gnu glibc/2.12.1
- version/gnu glibc/2.12.2
- version/gnu glibc/2.13
- version/gnu glibc/2.14
- version/gnu glibc/2.14.1
- version/gnu glibc/2.15
- version/gnu glibc/2.16
- version/gnu glibc/2.17
- version/gnu glibc/2.18
- version/gnu glibc/2.19
- version/gnu glibc/2.20
- version/gnu glibc/2.21
- version/gnu glibc/2.22