glibc stack-based buffer overflow in getaddrinfo (CVE-2015-7547)
Updated
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This package contains the standard C library against which all GNU/Linux programs are linked. The libresolv library shipped with glibc provides functions which provide translation between host names and IP addresses. nss_dns is the glibc component which provides the Name Service Switch (NSS) service module which uses libresolv to perform DNS lookups.
Background Information
A stack-based buffer overflow was found in libresolv in the code which performs dual A/AAAA DNS queries. A remote attacker could create specially crafted DNS responses which could cause libresolv to crash or potentially execute code with the permissions of the user running the library. The buffer overflow occurs in the function send_dg (for UDP queries) and send_vc (for TCP queries) in libresolv. The issue is only exposed when libresolv is called from the nss_dns NSS service module. This flaw has been assigned CVE-2015-7547 .
Applications which call getaddrinfo with the AF_UNSPEC address family are affected, except on Red Hat Enterprise Linux 6.4, where applications are also affected if they use the AF_INET6 address family. Applications which only use the old gethostbyname functions or libresolv functions such res_search (and not getaddrinfo) are not affected.
This issue did not affect the version of glibc shipped with Red Hat Enterprise Linux 5 or earlier. This issue affected the versions of glibc shipped with Red Hat Enterprise Linux 6 and 7.
Impacted Products
This issue has been rated as having Critical impact by Red Hat Product Security.
The following versions of Red Hat Products are impacted:
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
Take Action
Red Hat encourages customers to apply the patch for this Critical issue as soon as possible.
Updates for Affected Products
| Product | Advisory |
|---|---|
| Red Hat Enterprise Linux 6 | RHSA-2016:0175 |
| Red Hat Enterprise Linux 7 | RHSA-2016:0176 |
| Red Hat Enterprise Linux 6.2 Advanced Update Support | RHSA-2016:0225 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | RHSA-2016:0225 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | RHSA-2016:0225 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | RHSA-2016:0225 |
| Red Hat Enterprise Linux 7.1 Extended Update Support | RHSA-2016:0225 |
| Red Hat Enterprise Virtualization Hypervisor - RHEL7 base | RHSA-2016:0277 |
| Red Hat Enterprise Virtualization Hypervisor - RHEL6 base | RHSA-2016:0277 |
After the update is applied you need to reboot the system or restart all affected services:
Because this vulnerability affects a large amount of applications on the system, the safest and recommended way to assure every application uses the updated glibc packages is to restart the system.
In case you are unable to restart the entire system after applying the update, execute the following command to list all running processes (not restricted to services) still using the old [in-memory] version of glibc on your system.
lsof +c0 -d DEL | awk 'NR==1 || /libc-/ {print $2,$1,$4,$NF}' | column -t
From the resulting list, identify the public-facing services and restart them. While this process may work as a temporary workaround, it is not supported by Red Hat and, should a problem arise, you will be requested to reboot the system before any troubleshooting begins.
Comments