You are currently viewing Critical bug in glibc affecting millions of Linux applications

Critical bug in glibc affecting millions of Linux applications

  • Post author:
  • Reading time:4 mins read

GNU Patch 2

It has been reported that there is a critical bug in glibc. The bug discovered in glibc has been present since 2008. A huge amount of Linux software hijacked by miscreants from the other side of the internet.

The GNU C Library (glibc) is an essential component of Linux distributions. The researchers at Google and Red Hat were able to determine the flaw in glibc’s DNS resolver. The DNS resolver to translate human-readable domain names, such as www.secpod.com into a network IP address. A vulnerability management tool can detect this bug.

Technical Description (CVE-2015-7547):

The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the call to function getaddrinfo(). This function is vulnerable and softwares using this exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. By using auto patching, this bug can be remediated.

The glibc allocates 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer allocated from the heap and all the information (buffer pointer, new buffer size and response size).

Under certain conditions, a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer allocated. This behavior leads to the stack buffer overflow.

The buffer overflow exploited when shoveling coals to ssh, sudo, and curl. The code that causes the vulnerability introduced in May 2008 as part of glibc 2.9.

Exploitation (Proof of Concept):

However, it requires bypassing the security mitigation existing on the system, such as ASLR, and non-executable stack protection.

Affected versions: All versions of glibc after 2.9 are vulnerable.

SecPod Saner detects this vulnerability and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Share this article