FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-7547

This CVE name corresponds to:

Entered Topic
2016-02-18 glibc -- getaddrinfo stack-based buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2015-7547
Phase Assigned (20150929)

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

References

Source Reference
MLIST [libc-alpha] 20160216 [PATCH] CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
MISC https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
CONFIRM https://access.redhat.com/articles/2161461
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1293532
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=18665
CONFIRM https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
CONFIRM https://bto.bluecoat.com/security-advisory/sa114
CONFIRM https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/
CONFIRM https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
CONFIRM https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10150
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858
DEBIAN DSA-3481
GENTOO GLSA-201602-02
REDHAT RHSA-2016:0176
SUSE SUSE-SU-2016:0470
SUSE SUSE-SU-2016:0471
SUSE SUSE-SU-2016:0472
SUSE SUSE-SU-2016:0473
SUSE openSUSE-SU-2016:0510
SUSE openSUSE-SU-2016:0511
SUSE openSUSE-SU-2016:0512
UBUNTU USN-2900-1