Tagged: glibc

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver 0

VU#457759: glibc vulnerable to stack buffer overflow in DNS resolver

Vulnerability Note VU#457759 glibc vulnerable to stack buffer overflow in DNS resolver Original Release date: 17 Feb 2016 | Last revised: 18 Feb 2016 Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121 : Stack-based Buffer Overflow – CVE-2015-7547 According to a Google security blog post : “The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.” According to glibc developers, the vulnerable code was initially added in May 2008 as part of the development for glibc 2.9.

VU#967332: GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow 0

VU#967332: GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Vulnerability Note VU#967332 GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow Original Release date: 28 Jan 2015 | Last revised: 28 Jan 2015 Overview The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name “GHOST”. Description According to Qualys, the vulnerability is “a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library ( glibc ).