exploitDog

CVE-2013-7423

Published: 12 Sep 2013
Source: redhat
CVSS2: 1.2

Description

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.

Report

This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code, which was introduced in later versions.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | glibc | Not affected | | |
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2015:0863 | 21.04.2015 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | glibc | Fixed | RHSA-2016:1207 | 07.06.2016 |
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2015:2199 | 19.11.2015 |
| Red Hat Enterprise Linux 7.1 Extended Update Support | glibc | Fixed | RHSA-2015:2589 | 09.12.2015 |

Additional information

Status: Moderate
Defect: CWE-362->CWE-201
https://bugzilla.redhat.com/show_bug.cgi?id=1187109 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

1.2 Low

CVSS2

Related vulnerabilities

ubuntu
more than 10 years ago

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

nvd
more than 10 years ago

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

debian
more than 10 years ago

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...

github
more than 3 years ago

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

oracle-oval
more than 10 years ago

ELSA-2015-0863: glibc security and bug fix update (MODERATE)
