SecurityTracker.com

SecurityTracker Archives

Category: Application (Generic) > Glibc
Vendors: GNU [multiple authors]
(CentOS Issues Fix) Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code
SecurityTracker Alert ID:  1035032
SecurityTracker URL:  http://securitytracker.com/id/1035032
CVE Reference:   CVE-2015-7547   (Links to External Site)
Date:  Feb 17 2016
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:   A vulnerability was reported in Glibc. A remote or local user can execute arbitrary code on the target system.

A remote or local user who can supply DNS responses to the target (for example by controlling the authoritative server for a name the target resolves, or by spoofing replies on the path) can send specially crafted data to trigger a stack-based buffer overflow in the getaddrinfo() function in the glibc DNS client resolver code ('resolv/nss_dns') and execute arbitrary code on the target system. The overflow occurs while the resolver handles a dual A/AAAA lookup whose responses exceed the 2048-byte buffer reserved for them on the stack. The code will run with the privileges of the target application using the glibc library.

Any application that resolves host names through glibc's nss_dns module is exposed; common trigger paths include ssh, sudo, and curl.

Additional information is available at:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html


Impact:   A remote or local user can execute arbitrary code on the target system.
Solution:   CentOS has issued a fix. Because glibc is loaded into every dynamically linked process, services that were running before the update keep the old library mapped and must be restarted (or the system rebooted) for the fix to take effect.

CentOS 6 (glibc-2.12-1.166.el6_7.7):

i386:
b864b56998c7f54ad2ff8a88e6d2e2e9bbb7fed5b5cd1a5a37335df3db1009f5 glibc-2.12-1.166.el6_7.7.i686.rpm
05d0ad7fafb040ac70f955b46c82c2bcb35a11a867f4b024e6cdfc393cefa7e4 glibc-common-2.12-1.166.el6_7.7.i686.rpm
513c3cb75d24f59cbdfcf8bf1cdc3314e3299e6959bbf302135952144c11d2a1 glibc-devel-2.12-1.166.el6_7.7.i686.rpm
03489e5b23bfa62b1b5bf48b885641b00d5a3818d2a77ad725541725f9dfbef8 glibc-headers-2.12-1.166.el6_7.7.i686.rpm
73246d158f90d36cefa03f521ed999b3efc1af5e87fe60702694455efba9aef7 glibc-static-2.12-1.166.el6_7.7.i686.rpm
5f702bcc4c400a3356e2f8947e3b804d8012c3694da010db9867cb8bc50f8f95 glibc-utils-2.12-1.166.el6_7.7.i686.rpm
53c7532df4e2f618f3021b496f208118bfade6254c5c506ae25de6f0678ce9ec nscd-2.12-1.166.el6_7.7.i686.rpm

x86_64:
b864b56998c7f54ad2ff8a88e6d2e2e9bbb7fed5b5cd1a5a37335df3db1009f5 glibc-2.12-1.166.el6_7.7.i686.rpm
2c8769972f74c508392cf3d26ccaf1e977e26c6de17607d0f0efcd94c893e497 glibc-2.12-1.166.el6_7.7.x86_64.rpm
9270e196264742aa6dad454f91edc72535a8fd5e55e0aa205008d3756eae990a glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
513c3cb75d24f59cbdfcf8bf1cdc3314e3299e6959bbf302135952144c11d2a1 glibc-devel-2.12-1.166.el6_7.7.i686.rpm
3a3485584c5fc24aa37f975e5b6cd4b3d7bd3edf03b0c313ba820a137306af43 glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
5257cdc2fe323f0f2f6ac6e5db955d0cc48ce8d352bde2e91b5dd0e0ac21be09 glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
73246d158f90d36cefa03f521ed999b3efc1af5e87fe60702694455efba9aef7 glibc-static-2.12-1.166.el6_7.7.i686.rpm
3e49f9f87e8fe44b497ebbd7710fc5cdcd9254b699616511248e8f907ac9b435 glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
d4d6d1710d129d60023172b9503b67772cf61c3113ad9a5eebda12e5093c2ae8 glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
3cd7688eabc5d06930ef56b56df5549857520ce7e6addce45f222f4b2ea96015 nscd-2.12-1.166.el6_7.7.x86_64.rpm

Source:
cf324b8eedeeeb49f27006d4defc9711190213269c5206964fd09e7107c87ba4 glibc-2.12-1.166.el6_7.7.src.rpm

CentOS 7 (glibc-2.17-106.el7_2.4):

x86_64:
b41941025252ec75500aad92938364bcfdfc2c77b460281310a410b3bf463d97 glibc-2.17-106.el7_2.4.i686.rpm
e2d2ca19beac6658ad87a5641ad81e3a641c1fa036b39486e7df9992966c7403 glibc-2.17-106.el7_2.4.x86_64.rpm
b4827a93ca1d9a5307b2dfc3104414c8c0799197e20c08af99dc0065aab18f5e glibc-common-2.17-106.el7_2.4.x86_64.rpm
6db526f8e531162742986017f72b6999a74e54854b7e50a2cb5d91ab24ff4d22 glibc-devel-2.17-106.el7_2.4.i686.rpm
83a1b66386844e44f2529649f46feb35bd61cb30007581a9e068c126100fbfe9 glibc-devel-2.17-106.el7_2.4.x86_64.rpm
e1717949debd2d33b5ff8313a2dade5d3c32084cbba6bb69db63af78120c8b98 glibc-headers-2.17-106.el7_2.4.x86_64.rpm
63fea49c8f5b86585e47f5faa46a1d66c324a9e782f2dda68efdd26e936f87b9 glibc-static-2.17-106.el7_2.4.i686.rpm
72d371bf9c4c448a87b3925c493a413e89a631ba3ea61c994fcc500da137c76c glibc-static-2.17-106.el7_2.4.x86_64.rpm
b2f505f33c1c156542535bfd48f0a2a5e788f71a97b295d6115249bcb67144ad glibc-utils-2.17-106.el7_2.4.x86_64.rpm
113529ecc25d4c6120656713558db5cad2c73fcf7d5819800226758d01c85242 nscd-2.17-106.el7_2.4.x86_64.rpm

Source:
ebc37790d051eb03068f8e1320a19fe6e840e0846543281372f250c5cf29d890 glibc-2.17-106.el7_2.4.src.rpm

Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7
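Two checks an administrator will want after reading the package lists above: whether the glibc packages installed on a host are at or beyond the fixed CentOS 6/7 builds, and whether long-running processes still have the pre-update libc mapped. The script below is an added example and is not code from the SecurityTracker advisory, CentOS or glibc. It ports rpm's version comparison (rpmvercmp) to Python so `rpm -q` output gathered from many hosts can be graded offline without the rpm binary, and it scans /proc/PID/maps text for a libc marked '(deleted)', the kernel's sign that the file was replaced under a running process. The fixed version/release strings are taken from the lists above; the hostnames, package lines and maps excerpts are constructed sample input, and restricting the check to the el6/el7 dist tags is an assumption of this script (other vendors' builds have their own fixed NVRs and are reported as unknown).

```python
"""Post-update checks for CVE-2015-7547 on CentOS 6/7 hosts. Added example, not code from the
advisory, CentOS or glibc: ports rpm's rpmvercmp() to grade `rpm -q` output against the fixed
builds listed above, and flags processes still mapping a replaced '(deleted)' libc."""
import re

# Fixed (epoch, version, release) per dist tag, taken from the advisory's package lists.
FIXED_EVR = {"el6": (0, "2.12", "1.166.el6_7.7"), "el7": (0, "2.17", "106.el7_2.4")}
ADVISORY_PKGS = {"glibc", "glibc-common", "glibc-devel", "glibc-headers",
                 "glibc-static", "glibc-utils", "nscd"}
NEVRA = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<ver>[^-:]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0, 1 as a is older than, equal to, newer than b.
    Handles the '~' pre-release separator; the newer '^' separator is not used in el6/el7."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):   # skip separators
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if "~" in (ca, cb):          # tilde sorts before everything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        isnum = ca.isdigit()
        pat = r"\d+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:               # numeric segment vs alpha segment: numeric is newer
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1

def compare_evr(a, b):               # (epoch, version, release): epoch first, then version, then release
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

def parse_nevra(pkg):
    """Split 'name-[epoch:]version-release.arch' as printed by `rpm -q`."""
    m = NEVRA.match(pkg.strip())
    if not m:
        raise ValueError("not a NEVRA string: %r" % pkg)
    return m["name"], int(m["epoch"] or 0), m["ver"], m["rel"], m["arch"]

def status(pkg):
    """'fixed' or 'vulnerable' for the CentOS 6/7 packages in this advisory, else 'unknown'."""
    name, epoch, ver, rel, _arch = parse_nevra(pkg)
    tag = re.search(r"\.el(\d+)", rel)
    if name not in ADVISORY_PKGS or tag is None or "el" + tag[1] not in FIXED_EVR:
        return "unknown"         # other distros / third-party rebuilds have their own fixed NVRs
    return "fixed" if compare_evr((epoch, ver, rel), FIXED_EVR["el" + tag[1]]) >= 0 else "vulnerable"

def stale_libc_processes(maps_by_pid):
    """PIDs whose /proc/PID/maps still map a libc replaced on disk after they started: the kernel
    shows the unlinked file as '(deleted)', and that process runs the old code until restarted."""
    stale = []
    for pid, text in maps_by_pid.items():
        for line in text.splitlines():
            fields = line.split(None, 5)            # address perms offset dev inode pathname
            path = fields[5] if len(fields) > 5 else ""
            if re.search(r"/libc[.-]", path) and path.endswith("(deleted)"):
                stale.append(pid)
                break
    return sorted(stale)

SAMPLE_RPM_Q = {   # constructed `rpm -q` output; host-a and host-c predate the fix
    "host-a": ["glibc-2.12-1.166.el6_7.3.x86_64", "glibc-2.12-1.166.el6_7.3.i686"],
    "host-b": ["glibc-2.12-1.166.el6_7.7.x86_64", "glibc-common-2.12-1.166.el6_7.7.x86_64"],
    "host-c": ["glibc-2.17-106.el7_2.1.x86_64", "nscd-2.17-106.el7_2.1.x86_64"],
    "host-d": ["glibc-2.17-106.el7_2.4.x86_64", "glibc-2.17-157.el7.x86_64"],
}
SAMPLE_MAPS = {    # constructed /proc/PID/maps excerpts; 4242 was started before the update
    4242: "7f3a1c000000-7f3a1c1a3000 r-xp 00000000 fd:01 1234 /lib64/libc-2.17.so (deleted)",
    4243: "7f3a1c000000-7f3a1c1a3000 r-xp 00000000 fd:01 5678 /lib64/libc-2.17.so",
}

if __name__ == "__main__":
    for host, pkgs in SAMPLE_RPM_Q.items():
        print(host, {p: status(p) for p in pkgs})
    print("restart needed, PIDs:", stale_libc_processes(SAMPLE_MAPS))
```

On a real host, feed the lines of `rpm -q glibc glibc-common nscd` to status() and the contents of each /proc/PID/maps to stale_libc_processes(). A host that reports every package as fixed but still lists stale PIDs is executing the vulnerable resolver code in those processes until they are restarted, which is the practical meaning of the restart requirement in the Solution above.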

Message History:   This archive entry is a follow-up to the message listed below.
Feb 16 2016 Glibc getaddrinfo() Stack Overflow Lets Remote or Local Users Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0175 Critical CentOS 6 glibc Security Update


CentOS Errata and Security Advisory 2016:0175 Critical

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0175.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
b864b56998c7f54ad2ff8a88e6d2e2e9bbb7fed5b5cd1a5a37335df3db1009f5  glibc-2.12-1.166.el6_7.7.i686.rpm
05d0ad7fafb040ac70f955b46c82c2bcb35a11a867f4b024e6cdfc393cefa7e4  glibc-common-2.12-1.166.el6_7.7.i686.rpm
513c3cb75d24f59cbdfcf8bf1cdc3314e3299e6959bbf302135952144c11d2a1  glibc-devel-2.12-1.166.el6_7.7.i686.rpm
03489e5b23bfa62b1b5bf48b885641b00d5a3818d2a77ad725541725f9dfbef8  glibc-headers-2.12-1.166.el6_7.7.i686.rpm
73246d158f90d36cefa03f521ed999b3efc1af5e87fe60702694455efba9aef7  glibc-static-2.12-1.166.el6_7.7.i686.rpm
5f702bcc4c400a3356e2f8947e3b804d8012c3694da010db9867cb8bc50f8f95  glibc-utils-2.12-1.166.el6_7.7.i686.rpm
53c7532df4e2f618f3021b496f208118bfade6254c5c506ae25de6f0678ce9ec  nscd-2.12-1.166.el6_7.7.i686.rpm

x86_64:
b864b56998c7f54ad2ff8a88e6d2e2e9bbb7fed5b5cd1a5a37335df3db1009f5  glibc-2.12-1.166.el6_7.7.i686.rpm
2c8769972f74c508392cf3d26ccaf1e977e26c6de17607d0f0efcd94c893e497  glibc-2.12-1.166.el6_7.7.x86_64.rpm
9270e196264742aa6dad454f91edc72535a8fd5e55e0aa205008d3756eae990a  glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
513c3cb75d24f59cbdfcf8bf1cdc3314e3299e6959bbf302135952144c11d2a1  glibc-devel-2.12-1.166.el6_7.7.i686.rpm
3a3485584c5fc24aa37f975e5b6cd4b3d7bd3edf03b0c313ba820a137306af43  glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
5257cdc2fe323f0f2f6ac6e5db955d0cc48ce8d352bde2e91b5dd0e0ac21be09  glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
73246d158f90d36cefa03f521ed999b3efc1af5e87fe60702694455efba9aef7  glibc-static-2.12-1.166.el6_7.7.i686.rpm
3e49f9f87e8fe44b497ebbd7710fc5cdcd9254b699616511248e8f907ac9b435  glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
d4d6d1710d129d60023172b9503b67772cf61c3113ad9a5eebda12e5093c2ae8  glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
3cd7688eabc5d06930ef56b56df5549857520ce7e6addce45f222f4b2ea96015  nscd-2.12-1.166.el6_7.7.x86_64.rpm

Source:
cf324b8eedeeeb49f27006d4defc9711190213269c5206964fd09e7107c87ba4  glibc-2.12-1.166.el6_7.7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Copyright 2019, SecurityGlobal.net LLC