
glibc patched for critical vulnerability

by Nikola Strahija on February 21st, 2016

Most Linux vendors have posted updated glibc packages that patch a critical vulnerability in the library. The bug can be exploited to execute code remotely. It is identified as CVE-2015-7547 and titled "getaddrinfo stack-based buffer overflow".


The bug was found when Google engineers were connecting to a system and the connecting process died with a segmentation fault (segfault). Further investigation showed that the crash was caused by a bug in glibc.

glibc reserves 2048 bytes on the stack via alloca() in _nss_dns_gethostbyname4_r() to hold the answer to a DNS query. Later, in send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated on the heap and the bookkeeping (buffer pointer, new buffer size and response size) is updated.

Under certain conditions the bookkeeping for the stack buffer and the new heap allocation gets out of sync. The net effect is that the stack buffer is used to store the DNS response even though the response is larger than the stack buffer and a heap buffer was allocated for it. That is the stack buffer overflow. Because the response comes from whatever answers the DNS query, an attacker who controls the DNS server, or who can spoof replies on the path, controls what is written past the end of the stack buffer.
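The following C program is an added example, not glibc code, that models the bookkeeping described above: a fixed-size "stack" answer buffer, a grow step that moves the answer to the heap and updates the pointer and size, and a receive step that either keeps a stale copy of the destination (the mismatch) or re-reads the current pointer (the corrected flow). All names (struct answer, grow_answer, simulate_response) and the 64-byte guard region standing in for whatever sits above the buffer on the real stack are inventions of the model. The bad copy is deliberately kept inside a larger arena so the program shows the overwrite without undefined behaviour.

```c
/* Added example (not glibc code): a model of the answer-buffer bookkeeping
 * described above, showing how a stale stack pointer plus an updated length
 * turns into a stack overflow. All names here are invented for the model. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_ANSWER_SIZE 2048   /* the 2048-byte alloca'd answer buffer */
#define GUARD_SIZE 64            /* stands in for what lies above it on the stack */
#define GUARD_BYTE 0xAA

/* The state the text describes: buffer pointer, its size, and where it lives. */
struct answer {
    unsigned char *buf;
    size_t size;
    bool on_heap;
};

/* Send path: if the response does not fit, move the answer to the heap and
 * update pointer and size. Returns false only on allocation failure. */
static bool grow_answer(struct answer *ans, size_t needed)
{
    if (needed <= ans->size)
        return true;
    unsigned char *p = malloc(needed);
    if (p == NULL)
        return false;
    if (ans->on_heap)
        free(ans->buf);          /* never free the stack buffer */
    ans->buf = p;
    ans->size = needed;
    ans->on_heap = true;
    return true;
}

/* Receive a constructed response of resp_len bytes into an answer that starts
 * in a simulated stack buffer followed by a guard region.
 *
 * use_updated_buffer == false reproduces the mismatch: the destination was
 * captured before grow_answer() ran, so the copy goes to the old stack buffer
 * with the new, larger length. use_updated_buffer == true is the corrected
 * flow, where the copy re-reads the current pointer after growth.
 *
 * Returns the number of guard bytes clobbered (0 means no overflow), or -1 if
 * resp_len exceeds what the model can copy without undefined behaviour. */
int simulate_response(size_t resp_len, bool use_updated_buffer)
{
    unsigned char arena[STACK_ANSWER_SIZE + GUARD_SIZE];
    if (resp_len > sizeof arena)
        return -1;               /* model bound: keep the bad copy inside arena */

    memset(arena, 0, STACK_ANSWER_SIZE);
    memset(arena + STACK_ANSWER_SIZE, GUARD_BYTE, GUARD_SIZE);

    struct answer ans = { arena, STACK_ANSWER_SIZE, false };

    /* Stale view of the destination, taken before the response size is known. */
    unsigned char *dest = ans.buf;

    /* Constructed response: resp_len bytes of 'A', standing in for an
     * attacker-controlled DNS reply. */
    unsigned char *resp = malloc(resp_len);
    if (resp == NULL)
        return -1;
    memset(resp, 'A', resp_len);

    int clobbered = -1;
    if (grow_answer(&ans, resp_len)) {
        if (use_updated_buffer)
            dest = ans.buf;             /* fixed: honour the new heap buffer */
        memcpy(dest, resp, resp_len);   /* vulnerable when dest is stale */

        clobbered = 0;
        for (size_t i = 0; i < GUARD_SIZE; i++)
            if (arena[STACK_ANSWER_SIZE + i] != GUARD_BYTE)
                clobbered++;
    }

    free(resp);
    if (ans.on_heap)
        free(ans.buf);
    return clobbered;
}

int main(void)
{
    printf("1500-byte reply, stale pointer  : %d guard bytes clobbered\n",
           simulate_response(1500, false));
    printf("2080-byte reply, stale pointer  : %d guard bytes clobbered\n",
           simulate_response(2080, false));
    printf("2080-byte reply, updated pointer: %d guard bytes clobbered\n",
           simulate_response(2080, true));
    return 0;
}
```

Build with `cc -Wall -o answer_model answer_model.c && ./answer_model`. A reply that fits in 2048 bytes never touches the guard either way; a 2080-byte reply clobbers 32 guard bytes when the stale pointer is used and none when the copy follows the updated pointer, which is the whole difference between the vulnerable and the patched flow.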

The code paths that trigger the overflow are very common: any program that resolves hostnames through getaddrinfo(), including ssh, sudo and curl, is a potential vector.

Proof of concept code is available here.

