Описание
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
Отчет
After updating the glibc package on affected systems, it is strongly recommended to reboot the system or restart all the affected services. For more information please refer to: https://access.redhat.com/articles/2161461
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | glibc | Not affected | ||
| Red Hat Enterprise Linux 4 | glibc | Not affected | ||
| Red Hat Enterprise Linux 5 | glibc | Not affected | ||
| Red Hat Enterprise Linux Extended Update Support 6.7 | guest-images | Affected | ||
| Red Hat Enterprise Linux Extended Update Support 7.2 | rhel-guest-image | Affected | ||
| Red Hat Enterprise Linux 6 | glibc | Fixed | RHSA-2016:0175 | 16.02.2016 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | glibc | Fixed | RHSA-2016:0225 | 16.02.2016 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | glibc | Fixed | RHSA-2016:0225 | 16.02.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | glibc | Fixed | RHSA-2016:0225 | 16.02.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | glibc | Fixed | RHSA-2016:0225 | 16.02.2016 |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS2
Связанные уязвимости
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_ ...
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
6.8 Medium
CVSS2