glibc patched for critical vulnerability

by Nikola Strahija on February 21st, 2016

Most Linux vendors have posted updates of their glibc packages with a critical glibc vulnerability patched. The bug can be exploited to execute remote code. It is identified as CVE-2015-7547 and titled "getaddrinfo stack-based buffer overflow".
The bug was found when Google engineers were attempting to connect to a system and a segmentation fault (segfault) occurred, causing the connection to crash. Upon further investigation it was revealed that the crash was due to a bug in glibc.
glibc reserves 2048 bytes on the stack through alloca() in _nss_dns_gethostbyname4_r() to hold the answer to a DNS query. Later on, in send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and the bookkeeping (buffer pointer, new buffer size and response size) is updated.
Under certain conditions a mismatch between the stack buffer and the new heap allocation occurs. The final effect is that the stack buffer is used to store the DNS response even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.
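To make the mismatch concrete, the following is a small constructed model added here; it is not glibc's code and does not reproduce the resolver's real logic. It models the state the article describes (a fixed 2048-byte stack buffer, a heap buffer allocated when the answer is larger, and size bookkeeping that is updated) and shows what happens when the bookkeeping is updated but the write target is not. The names `answer_buf`, `grow_for_answer`, `store_answer` and `simulate` are assumptions of this model. Where the real code would write past the stack buffer, the model's `store_answer` checks the true capacity of its destination and reports the inconsistency instead of overflowing.

```c
#include <stdlib.h>
#include <string.h>

#define STACK_BUF_SIZE 2048   /* size of the alloca()'d answer buffer described above */

/* Constructed model of the answer-buffer state: the pointer the receive
 * path writes into, the capacity that pointer really has, the heap buffer
 * allocated for large answers, and the size the bookkeeping believes it has. */
struct answer_buf {
    unsigned char *dest;     /* where the next response will be written */
    size_t dest_capacity;    /* true capacity of dest */
    unsigned char *heap;     /* heap buffer for large answers, or NULL */
    size_t recorded_size;    /* size the bookkeeping records for the answer */
};

/* Grow to a heap buffer when the answer does not fit the stack buffer.
 * With update_dest == 0 only the bookkeeping is updated and the write
 * target stays on the stack: that is the mismatch the article describes. */
static int grow_for_answer(struct answer_buf *b, size_t answer_len, int update_dest)
{
    if (answer_len <= b->dest_capacity)
        return 0;                        /* fits on the stack, nothing to do */
    unsigned char *p = malloc(answer_len);
    if (!p)
        return -1;
    b->heap = p;
    b->recorded_size = answer_len;       /* bookkeeping now says "answer_len bytes" */
    if (update_dest) {                   /* consistent case: redirect the write target too */
        b->dest = p;
        b->dest_capacity = answer_len;
    }
    return 0;
}

/* Store the answer only if the destination can really hold it.
 * Returns 1 when written, 0 when the state is inconsistent (the point at
 * which unchecked code would overflow the stack buffer). */
static int store_answer(struct answer_buf *b, const unsigned char *ans, size_t len)
{
    if (len > b->dest_capacity)
        return 0;
    memcpy(b->dest, ans, len);
    return 1;
}

/* Run the model for one answer size. fixed == 1 keeps pointer and size in
 * sync; fixed == 0 updates only the size. Returns 1 if the answer landed in
 * a buffer large enough for it, 0 if the mismatch was detected. */
int simulate(size_t answer_len, int fixed)
{
    unsigned char stackbuf[STACK_BUF_SIZE];
    struct answer_buf b = { stackbuf, sizeof stackbuf, NULL, sizeof stackbuf };
    unsigned char *ans = malloc(answer_len);   /* constructed answer payload */
    if (!ans)
        return 0;
    memset(ans, 'A', answer_len);
    int ok = 0;
    if (grow_for_answer(&b, answer_len, fixed) == 0)
        ok = store_answer(&b, ans, answer_len);
    free(ans);
    free(b.heap);
    return ok;
}
```

A 512-byte answer fits the stack buffer in both variants; a 3000-byte answer only lands safely when the heap allocation also becomes the write target, which is the invariant the glibc fix restores.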
The vectors to trigger this buffer overflow are very common and can include ssh, sudo, and curl.
Proof of concept code is available here.