CVE-2015-7547: Buffer Overflow
First published: Tue Dec 22 2015(Updated: )
A stack-based buffer overflow was found in libresolv when invoked from nss_dns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by __res_nquery.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Linux | =8.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| HP Helion OpenStack | =1.1.1 | |
| HP Helion OpenStack | =2.0.0 | |
| HP Helion OpenStack | =2.1.0 | |
| HP Server Migration Package | =7.5 | |
| Sophos Unified Threat Management | =9.319 | |
| Sophos Unified Threat Management | =9.355 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp2 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp3 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp4 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =11.0-sp4 | |
| SUSE Linux Enterprise Desktop | =12 | |
| SUSE Linux Enterprise Desktop | =12-sp1 | |
| SUSE Linux Enterprise Server | =11.0-sp2 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp4 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
| SUSE Linux Enterprise Server | =12 | |
| Oracle Exalogic Infrastructure | =1.0 | |
| Oracle Exalogic Infrastructure | =2.0 | |
| F5 Access Policy Manager | =12.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | =12.0.0 | |
| F5 BIG-IP Analytics | =12.0.0 | |
| F5 BIG-IP Application Acceleration Manager | =12.0.0 | |
| F5 Application Security Manager | =12.0.0 | |
| F5 BIG-IP | =12.0.0 | |
| F5 BIG-IP Link Controller | =12.0.0 | |
| Riverbed SteelApp Traffic Manager | =12.0.0 | |
| F5 BIG-IP Policy Enforcement Manager | =12.0.0 | |
| Oracle Fujitsu M10-4S Firmware | <=2290 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.2 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| GNU C Library (glibc) | =2.9 | |
| GNU C Library (glibc) | =2.10 | |
| GNU C Library (glibc) | =2.10.1 | |
| GNU C Library (glibc) | =2.11 | |
| GNU C Library (glibc) | =2.11.1 | |
| GNU C Library (glibc) | =2.11.2 | |
| GNU C Library (glibc) | =2.11.3 | |
| GNU C Library (glibc) | =2.12 | |
| GNU C Library (glibc) | =2.12.1 | |
| GNU C Library (glibc) | =2.12.2 | |
| GNU C Library (glibc) | =2.13 | |
| GNU C Library (glibc) | =2.14 | |
| GNU C Library (glibc) | =2.14.1 | |
| GNU C Library (glibc) | =2.15 | |
| GNU C Library (glibc) | =2.16 | |
| GNU C Library (glibc) | =2.17 | |
| GNU C Library (glibc) | =2.18 | |
| GNU C Library (glibc) | =2.19 | |
| GNU C Library (glibc) | =2.20 | |
| GNU C Library (glibc) | =2.21 | |
| GNU C Library (glibc) | =2.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/articles/2161461
- https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
- https://sourceware.org/bugzilla/show_bug.cgi?id=18665
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1308943
- https://rhn.redhat.com/errata/RHSA-2016-0175.html
- https://rhn.redhat.com/errata/RHSA-2016-0225.html
- https://rhn.redhat.com/errata/RHSA-2016-0176.html
- https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=18665
- https://access.redhat.com/security/cve/CVE-2015-0235
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1293532#c24
- https://rhn.redhat.com/errata/RHSA-2016-0277.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1293532
- http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
- http://marc.info/?l=bugtraq&m=145596041017029&w=2
- http://marc.info/?l=bugtraq&m=145672440608228&w=2
- http://marc.info/?l=bugtraq&m=145690841819314&w=2
- http://marc.info/?l=bugtraq&m=145857691004892&w=2
- http://marc.info/?l=bugtraq&m=146161017210491&w=2
- http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
- http://rhn.redhat.com/errata/RHSA-2016-0175.html
- http://rhn.redhat.com/errata/RHSA-2016-0176.html
- http://rhn.redhat.com/errata/RHSA-2016-0225.html
- http://rhn.redhat.com/errata/RHSA-2016-0277.html
- http://seclists.org/fulldisclosure/2019/Sep/7
- http://seclists.org/fulldisclosure/2021/Sep/0
- http://seclists.org/fulldisclosure/2022/Jun/36
- http://support.citrix.com/article/CTX206991
- http://ubuntu.com/usn/usn-2900-1
- http://www.debian.org/security/2016/dsa-3480
- http://www.debian.org/security/2016/dsa-3481
- http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/83265
- http://www.securitytracker.com/id/1035020
- http://www.vmware.com/security/advisories/VMSA-2016-0002.html
- https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
- https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
- https://bto.bluecoat.com/security-advisory/sa114
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
- https://kc.mcafee.com/corporate/index?page=content&id=SB10150
- https://seclists.org/bugtraq/2019/Sep/7
- https://security.gentoo.org/glsa/201602-02
- https://security.netapp.com/advisory/ntap-20160217-0002/
- https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
- https://support.lenovo.com/us/en/product_security/len_5450
- https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17
- https://www.exploit-db.com/exploits/39454/
- https://www.exploit-db.com/exploits/40339/
- https://www.kb.cert.org/vuls/id/457759
- https://www.tenable.com/security/research/tra-2017-08
Frequently Asked Questions
What is the severity of CVE-2015-7547?
CVE-2015-7547 has a critical severity level due to its potential for remote code execution via specially crafted DNS responses.
How do I fix CVE-2015-7547?
To fix CVE-2015-7547, update the affected software packages to the patched versions provided by the software maintainers.
Which systems are affected by CVE-2015-7547?
CVE-2015-7547 affects various systems including Debian 8.0, Ubuntu 12.04, 14.04, 15.10, and several versions of HP Helion OpenStack, SUSE Linux, and Red Hat Enterprise Linux.
What types of attacks can exploit CVE-2015-7547?
CVE-2015-7547 can be exploited through remote attacks where specially crafted DNS responses can lead to stack-based buffer overflow.
What should I do if I cannot update my software to mitigate CVE-2015-7547?
If you cannot update your software, consider implementing strict egress filtering and monitoring DNS traffic to reduce the risk of exploitation from CVE-2015-7547.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7547
- agent/weakness
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- vendor/hp
- canonical/hp helion openstack
- version/hp helion openstack/1.1.1
- version/hp helion openstack/2.0.0
- version/hp helion openstack/2.1.0
- canonical/hp server migration package
- version/hp server migration package/7.5
- vendor/sophos
- canonical/sophos unified threat management
- version/sophos unified threat management/9.319
- version/sophos unified threat management/9.355
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11.0-sp2
- version/suse linux enterprise debuginfo/11.0-sp3
- version/suse linux enterprise debuginfo/11.0-sp4
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.2
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/11.0-sp4
- version/suse linux enterprise desktop/12
- version/suse linux enterprise desktop/12-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11.0-sp2
- version/suse linux enterprise server/11.0-sp3
- version/suse linux enterprise server/11.0-sp4
- version/suse linux enterprise server/12-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- version/suse linux enterprise software development kit/11.0-sp4
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12-sp1
- version/suse linux enterprise server/12
- vendor/oracle
- canonical/oracle exalogic infrastructure
- version/oracle exalogic infrastructure/1.0
- version/oracle exalogic infrastructure/2.0
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/12.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/12.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/12.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/12.0.0
- canonical/f5 application security manager
- version/f5 application security manager/12.0.0
- canonical/f5 big-ip
- version/f5 big-ip/12.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/12.0.0
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/12.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/12.0.0
- canonical/oracle fujitsu m10-4s firmware
- version/oracle fujitsu m10-4s firmware/2290
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/7.0
- version/red hat enterprise linux hpc node/7.2
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.2
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/gnu
- canonical/gnu c library (glibc)
- version/gnu c library (glibc)/2.9
- version/gnu c library (glibc)/2.10
- version/gnu c library (glibc)/2.10.1
- version/gnu c library (glibc)/2.11
- version/gnu c library (glibc)/2.11.1
- version/gnu c library (glibc)/2.11.2
- version/gnu c library (glibc)/2.11.3
- version/gnu c library (glibc)/2.12
- version/gnu c library (glibc)/2.12.1
- version/gnu c library (glibc)/2.12.2
- version/gnu c library (glibc)/2.13
- version/gnu c library (glibc)/2.14
- version/gnu c library (glibc)/2.14.1
- version/gnu c library (glibc)/2.15
- version/gnu c library (glibc)/2.16
- version/gnu c library (glibc)/2.17
- version/gnu c library (glibc)/2.18
- version/gnu c library (glibc)/2.19
- version/gnu c library (glibc)/2.20
- version/gnu c library (glibc)/2.21
- version/gnu c library (glibc)/2.22