CVE-2015-7547

18.02.2016, 21:59

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
hp	helion_openstack	1.1.1
hp	helion_openstack	2.0.0
hp	helion_openstack	2.1.0
hp	server_migration_pack	7.5
sophos	unified_threat_management_software	9.319
sophos	unified_threat_management_software	9.355
suse	linux_enterprise_debuginfo	11.0:sp2
suse	linux_enterprise_debuginfo	11.0:sp3
suse	linux_enterprise_debuginfo	11.0:sp4
opensuse	opensuse	13.2
suse	linux_enterprise_desktop	11.0:sp3
suse	linux_enterprise_desktop	11.0:sp4
suse	linux_enterprise_server	11.0:sp2
suse	linux_enterprise_server	11.0:sp3
suse	linux_enterprise_server	11.0:sp3
suse	linux_enterprise_server	11.0:sp4
suse	linux_enterprise_software_development_kit	11.0:sp3
suse	linux_enterprise_software_development_kit	11.0:sp4
oracle	exalogic_infrastructure	1.0
oracle	exalogic_infrastructure	2.0
f5	big-ip_access_policy_manager	12.0.0
f5	big-ip_advanced_firewall_manager	12.0.0
f5	big-ip_analytics	12.0.0
f5	big-ip_application_acceleration_manager	12.0.0
f5	big-ip_application_security_manager	12.0.0
f5	big-ip_domain_name_system	12.0.0
f5	big-ip_link_controller	12.0.0
f5	big-ip_local_traffic_manager	12.0.0
f5	big-ip_policy_enforcement_manager	12.0.0
oracle	fujitsu_m10_firmware	𝑥 ≤ 2290
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	7.0
redhat	enterprise_linux_hpc_node_eus	7.2
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_workstation	7.0
gnu	glibc	2.9
gnu	glibc	2.10
gnu	glibc	2.10.1
gnu	glibc	2.11
gnu	glibc	2.11.1
gnu	glibc	2.11.2
gnu	glibc	2.11.3
gnu	glibc	2.12
gnu	glibc	2.12.1
gnu	glibc	2.12.2
gnu	glibc	2.13
gnu	glibc	2.14
gnu	glibc	2.14.1
gnu	glibc	2.15
gnu	glibc	2.16
gnu	glibc	2.17
gnu	glibc	2.18
gnu	glibc	2.19
gnu	glibc	2.20
gnu	glibc	2.21
gnu	glibc	2.22

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glibc

bullseye	2.31-13+deb11u11 fixed
bullseye (security)	2.31-13+deb11u10 fixed
bookworm	2.36-9+deb12u8 fixed
bookworm (security)	2.36-9+deb12u7 fixed
sid	2.40-3 fixed
trixie	2.40-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

eglibc

wily	dne
vivid	dne
trusty	Fixed 2.19-0ubuntu6.7 released
precise	Fixed 2.15-0ubuntu10.13 released

glibc

wily	Fixed 2.21-0ubuntu4.1 released
vivid	ignored
trusty	dne
precise	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html

http://marc.info/?l=bugtraq&m=145596041017029&w=2

http://marc.info/?l=bugtraq&m=145672440608228&w=2

http://marc.info/?l=bugtraq&m=145690841819314&w=2

http://marc.info/?l=bugtraq&m=145857691004892&w=2

http://marc.info/?l=bugtraq&m=146161017210491&w=2

http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

http://rhn.redhat.com/errata/RHSA-2016-0175.html

http://rhn.redhat.com/errata/RHSA-2016-0176.html

http://rhn.redhat.com/errata/RHSA-2016-0225.html

http://rhn.redhat.com/errata/RHSA-2016-0277.html

http://seclists.org/fulldisclosure/2019/Sep/7

http://seclists.org/fulldisclosure/2021/Sep/0

http://seclists.org/fulldisclosure/2022/Jun/36

http://support.citrix.com/article/CTX206991

http://ubuntu.com/usn/usn-2900-1

http://www.debian.org/security/2016/dsa-3480

http://www.debian.org/security/2016/dsa-3481

http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/83265

http://www.securitytracker.com/id/1035020

http://www.vmware.com/security/advisories/VMSA-2016-0002.html

https://access.redhat.com/articles/2161461

https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://bto.bluecoat.com/security-advisory/sa114

https://bugzilla.redhat.com/show_bug.cgi?id=1293532

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

https://seclists.org/bugtraq/2019/Sep/7

https://security.gentoo.org/glsa/201602-02

https://security.netapp.com/advisory/ntap-20160217-0002/

https://sourceware.org/bugzilla/show_bug.cgi?id=18665

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

https://support.lenovo.com/us/en/product_security/len_5450

https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

https://www.exploit-db.com/exploits/39454/

https://www.exploit-db.com/exploits/40339/

https://www.kb.cert.org/vuls/id/457759

https://www.tenable.com/security/research/tra-2017-08

http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html

http://marc.info/?l=bugtraq&m=145596041017029&w=2

http://marc.info/?l=bugtraq&m=145672440608228&w=2

http://marc.info/?l=bugtraq&m=145690841819314&w=2

http://marc.info/?l=bugtraq&m=145857691004892&w=2

http://marc.info/?l=bugtraq&m=146161017210491&w=2

http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

http://rhn.redhat.com/errata/RHSA-2016-0175.html

http://rhn.redhat.com/errata/RHSA-2016-0176.html

http://rhn.redhat.com/errata/RHSA-2016-0225.html

http://rhn.redhat.com/errata/RHSA-2016-0277.html

http://seclists.org/fulldisclosure/2019/Sep/7

http://seclists.org/fulldisclosure/2021/Sep/0

http://seclists.org/fulldisclosure/2022/Jun/36

http://support.citrix.com/article/CTX206991

http://ubuntu.com/usn/usn-2900-1

http://www.debian.org/security/2016/dsa-3480

http://www.debian.org/security/2016/dsa-3481

http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-en

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/83265

http://www.securitytracker.com/id/1035020

http://www.vmware.com/security/advisories/VMSA-2016-0002.html

https://access.redhat.com/articles/2161461

https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

https://bto.bluecoat.com/security-advisory/sa114

https://bugzilla.redhat.com/show_bug.cgi?id=1293532

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161

https://kc.mcafee.com/corporate/index?page=content&id=SB10150

https://seclists.org/bugtraq/2019/Sep/7

https://security.gentoo.org/glsa/201602-02

https://security.netapp.com/advisory/ntap-20160217-0002/

https://sourceware.org/bugzilla/show_bug.cgi?id=18665

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html

https://support.lenovo.com/us/en/product_security/len_5450

https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

https://www.exploit-db.com/exploits/39454/

https://www.exploit-db.com/exploits/40339/

https://www.kb.cert.org/vuls/id/457759

https://www.tenable.com/security/research/tra-2017-08