SecurityTracker.com

Category:   Application (Generic)  >   Glibc
Vendors:   GNU [multiple authors]
Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1035020
SecurityTracker URL:  http://securitytracker.com/id/1035020
CVE Reference:   CVE-2015-7547
Date:  Feb 16 2016
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Glibc. A remote or local user can execute arbitrary code on the target system.

A remote or local user can send specially crafted data to trigger a stack overflow in the getaddrinfo() function in the glibc DNS client resolver code ('resolv/nss_dns') and execute arbitrary code on the target system. The code will run with the privileges of the target application using the glibc library.

Various applications may be affected, including ssh, sudo, and curl.

Additional information is available at:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Florian Weimer and Carlos O’Donell of Red Hat and Fermin J. Serna and Kevin Stadmeyer of Google reported this vulnerability.

Impact:   A remote or local user can execute arbitrary code on the target system.
Solution:   The vendor has issued a proposed patch, available at:

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

Vendor URL:  www.gnu.org/software/libc/
Cause:   Boundary error
Underlying OS:  Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 16 2016 (Ubuntu Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, and 15.10.
Feb 17 2016 (Red Hat Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Feb 17 2016 (Red Hat Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Feb 17 2016 (Oracle Issues Fix for Oracle Linux) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Oracle has issued a fix for Oracle Linux 6 and 7.
Feb 17 2016 (CentOS Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
CentOS has issued a fix for CentOS 6 and 7.
Feb 17 2016 (Red Hat Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 6.2, 6.4, 6.5, 6.6, and 7.1.
Feb 19 2016 (Cisco Issues Advisory for Cisco FireSIGHT) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco FireSIGHT.
Feb 19 2016 (Cisco Issues Advisory for Cisco Identity Services Engine) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Identity Services Engine.
Feb 19 2016 (Cisco Issues Advisory for Cisco Edge 300/340 Digital Media Player) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Edge 300 and Edge 340 Digital Media Players.
Feb 20 2016 (Red Hat Issues Fix for Red Hat Enterprise Virtualization) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Virtualization for Red Hat Enterprise Linux 6 and 7.
Feb 22 2016 (VMware Issues Fix for VMware ESXi) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
VMware has issued a fix for VMware ESXi 5.5 and 6.0.
Feb 23 2016 (Cisco Issues Advisory for Cisco WebEx Meetings Server) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco WebEx Meetings Server 1.x and 2.x.
Feb 23 2016 (Cisco Issues Advisory for Cisco MediaSense) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco MediaSense.
Feb 23 2016 (Cisco Issues Advisory for Cisco Unified 7800 Series IP Phones) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Unified 7800 Series IP Phones.
Feb 23 2016 (Cisco Issues Advisory for Cisco TelePresence Products) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco TelePresence Server and TelePresence VCS.
Feb 23 2016 (Cisco Issues Advisory for Cisco Video Surveillance Media Server) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Video Surveillance Media Server.
Feb 23 2016 (Cisco Issues Advisory for Cisco Secure Access Control Server) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Secure Access Control Server 5.x.
Feb 23 2016 (Cisco Issues Advisory for Cisco Prime Collaboration Deployment) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Prime Collaboration Deployment.
Feb 23 2016 (Cisco Issues Advisory for Cisco Unified Communications Manager) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Unified Communications Manager.
Feb 23 2016 (Cisco Issues Advisory for Cisco Unity Connection) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Unity Connection.
Feb 23 2016 (Cisco Issues Advisory for Cisco Prime Data Center Network Manager) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Prime Data Center Network Manager (.ova and .iso installers).
Feb 23 2016 (Cisco Issues Advisory for Cisco ASR 5000 Series Routers) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco ASR 5000 Series Routers.
Feb 23 2016 (Cisco Issues Advisory for Cisco Nexus 1000V InterCloud) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco Nexus 1000V InterCloud.
Feb 24 2016 (Citrix Issues Advisory for Citrix License Server VPX) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Citrix has issued an advisory for Citrix License Server VPX.
Mar 1 2016 (HP Issues Advisory for HPE IceWall) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
HPE has issued an advisory for HPE IceWall.
Mar 4 2016 (IBM Issues Fix for IBM Security Identity Manager) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
IBM has issued a fix for IBM Security Identity Manager.
Apr 7 2016 (HPE Issues Fix for HPE NonStop Virtual TapeServer) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
HPE has issued a fix for HPE NonStop Virtual TapeServer.
Apr 20 2016 (Oracle Issues Fix for Oracle Exalogic Infrastructure) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Oracle has issued a fix for Oracle Fusion Middleware/Oracle Exalogic Infrastructure.
Apr 26 2016 (HP Issues Fix for HPE Helion CloudSystem) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
HP has issued a fix for HPE Helion CloudSystem.
Jun 17 2016 (QNAP Systems Issues Fix for QNAP Storage Devices) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
QNAP Systems has issued a fix for QNAP Storage Devices.
Jul 8 2016 (IBM Issues Fix for IBM BladeCenter Advanced Management Module) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
IBM has issued a fix for IBM BladeCenter Advanced Management Module.
Jul 8 2016 (IBM Issues Fix for IBM Storwize V7000 Unified) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
IBM has issued a fix for IBM Storwize V7000 Unified.
Jul 27 2016 (HPE Issues Fix for HPE StoreVirtual Storage) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
HPE has issued a fix for HPE StoreVirtual Storage products running LeftHand OS.
Aug 19 2016 (Palo Alto Networks Issues Fix for Palo Alto PAN-OS) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Palo Alto Networks has issued a fix for Palo Alto PAN-OS.
Jan 18 2017 (Juniper Issues Fix for Juniper NSM) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
Juniper has issued a fix for Juniper NSM3000, NSM4000, and NSMExpress.




Copyright 2017, SecurityGlobal.net LLC