GNU Patch 2

A critical security flaw has been reported in the GNU C Library. The bug, discovered in glibc, has been present since 2008, and a huge amount of Linux software can be hijacked by miscreants from the other side of the internet.

The GNU C Library (glibc) is an essential component of Linux distributions. Researchers at Google and Red Hat identified the flaw in glibc's DNS resolver, the component that translates human-readable domain names into network IP addresses.

Technical Description (CVE-2015-7547):

The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when getaddrinfo() is called. Software that uses this function can be exploited through attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack.

glibc allocates 2048 bytes on the stack through alloca() in _nss_dns_gethostbyname4_r() to hold the responses to a DNS query. Later, in send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and the associated bookkeeping (buffer pointer, new buffer size and response size) is updated.

Under certain conditions a mismatch between the stack buffer and the new heap allocation occurs: the stack buffer ends up being used to store the DNS response even though the response is larger than the stack buffer and a heap buffer was allocated. This is what produces the stack buffer overflow.
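To make the bookkeeping mismatch concrete, here is a simplified model added for this post (it is not glibc's code; the struct, the function names and the two-answer sequence are assumptions): the buggy path keeps the enlarged size while steering the second answer back to the 2048-byte stack buffer, so a size check passes for data that does not fit, while the hardened path moves pointer and size together and bounds the copy by the capacity of the buffer actually written.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of the answer-buffer bookkeeping described in the post; not glibc code. */
#define STACK_ANSWER_SIZE 2048   /* the alloca()'d stack buffer */
#define MAX_DNS_ANSWER   65535   /* largest answer a TCP reply can carry */

/* buf/buf_size are what the receive path writes into and trusts; heap is the grown buffer. */
struct answer { unsigned char *buf; size_t buf_size; unsigned char *heap; };

/* The mismatch: a large first answer moves buf/buf_size to the heap, but the second answer
 * is steered back to the stack buffer while buf_size keeps the heap size. Returns how many
 * bytes of the second answer would land past the stack buffer (0 = fits). Nothing is written. */
size_t stale_size_overflow(size_t first_len, size_t second_len) {
    unsigned char stack_buf[STACK_ANSWER_SIZE];
    struct answer a = { stack_buf, STACK_ANSWER_SIZE, NULL };
    if (first_len > a.buf_size) {          /* first answer: grown correctly */
        a.heap = malloc(first_len); a.buf = a.heap; a.buf_size = first_len;
    }
    a.buf = stack_buf;                     /* second answer: pointer reset ... */
    size_t over = 0;                       /* ... but buf_size is still the heap size */
    if (second_len <= a.buf_size && second_len > STACK_ANSWER_SIZE)
        over = second_len - STACK_ANSWER_SIZE;   /* size check passes, data does not fit */
    free(a.heap);
    return over;
}

/* Hardened bookkeeping: pointer and size change together and the copy is bounded by
 * the capacity of the buffer actually targeted. Returns bytes stored, 0 if rejected. */
size_t receive_answer(struct answer *a, const unsigned char *resp, size_t len) {
    if (len == 0 || len > MAX_DNS_ANSWER) return 0;
    if (len > a->buf_size) {
        unsigned char *p = realloc(a->heap, len);
        if (p == NULL) return 0;
        a->heap = p; a->buf = p; a->buf_size = len;   /* updated in lockstep */
    }
    if (len > a->buf_size) return 0;       /* never write past the real capacity */
    memcpy(a->buf, resp, len);
    return len;
}

/* Two constructed (zero-filled) answers through the hardened path; bytes stored for the second. */
size_t hardened_second_answer(size_t first_len, size_t second_len) {
    unsigned char stack_buf[STACK_ANSWER_SIZE], *resp = calloc(MAX_DNS_ANSWER, 1);
    struct answer a = { stack_buf, STACK_ANSWER_SIZE, NULL };
    size_t stored = 0;
    if (resp && receive_answer(&a, resp, first_len) == first_len)
        stored = receive_answer(&a, resp, second_len);
    free(a.heap); free(resp);
    return stored;
}
```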

The buffer overflow is reachable from everyday programs that resolve names through getaddrinfo(), such as ssh, sudo, and curl. The code that causes the vulnerability was introduced in May 2008 as part of glibc 2.9.

Exploitation (Proof of Concept):


Exploiting the overflow, however, requires bypassing the security mitigations present on the system, such as ASLR and non-executable stack protection.

Affected versions: All versions of glibc after 2.9 are vulnerable.

SecPod Saner detects this vulnerability and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
