Think you have a false positive on this rule?

Sid 1-37730

Message

PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt

Summary

Multiple stack-based buffer overflows in the (1) senddg and (2) sendvc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AFUNSPEC or AFINET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Impact

CVSS base score 8.1 CVSS impact score 5.9 CVSS exploitability score 2.2 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH

CVE-2015-7547:

CVSS base score 8.1

CVSS impact score 5.9

CVSS exploitability score 2.2

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2015-7547: Multiple stack-based buffer overflows in the (1) senddg and (2) sendvc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AFUNSPEC or AFINET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Affected systems

  • f5 big-ipaccesspolicy_manager 12.0.0
  • f5 big-ipadvancedfirewall_manager 12.0.0
  • f5 big-ip_analytics 12.0.0
  • f5 big-ipapplicationacceleration_manager 12.0.0
  • f5 big-ipapplicationsecurity_manager 12.0.0
  • f5 big-ipdomainname_system 12.0.0
  • f5 big-iplinkcontroller 12.0.0
  • f5 big-iplocaltraffic_manager 12.0.0
  • f5 big-ippolicyenforcement_manager 12.0.0
  • gnu glibc 2.9
  • gnu glibc 2.10
  • gnu glibc 2.10.1
  • gnu glibc 2.11
  • gnu glibc 2.11.1
  • gnu glibc 2.11.2
  • gnu glibc 2.11.3
  • gnu glibc 2.12
  • gnu glibc 2.12.1
  • gnu glibc 2.12.2
  • gnu glibc 2.13
  • gnu glibc 2.14
  • gnu glibc 2.14.1
  • gnu glibc 2.15
  • gnu glibc 2.16
  • gnu glibc 2.17
  • gnu glibc 2.18
  • gnu glibc 2.19
  • gnu glibc 2.20
  • gnu glibc 2.21
  • gnu glibc 2.22
  • hp helion_openstack 1.1.1
  • hp helion_openstack 2.0.0
  • hp helion_openstack 2.1.0
  • hp servermigrationpack 7.5
  • oracle exalogic_infrastructure 1.0
  • oracle exalogic_infrastructure 2.0
  • oracle fujitsum10firmware 2290
  • sophos unifiedthreatmanagement_software 9.319
  • sophos unifiedthreatmanagement_software 9.355
  • suse linuxenterprisedebuginfo 11.0
  • suse linuxenterprisedesktop 11.0
  • suse linuxenterprisedesktop 12
  • suse linuxenterpriseserver 11.0
  • suse linuxenterpriseserver 12
  • suse linuxenterprisesoftwaredevelopmentkit 11.0
  • suse linuxenterprisesoftwaredevelopmentkit 12
  • canonical ubuntu_linux 12.04
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 15.10
  • debian debian_linux 8.0
  • novell opensuse 13.2
  • redhat enterpriselinuxdesktop 7.0
  • redhat enterpriselinuxhpc_node 7.0
  • redhat enterpriselinuxhpcnodeeus 7.2
  • redhat enterpriselinuxserver 7.0
  • redhat enterpriselinuxserver_aus 7.2
  • redhat enterpriselinuxserver_eus 7.2
  • redhat enterpriselinuxworkstation 7.0

Ease of attack

CVE-2015-7547:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html