Wind River Support Network


Wind River Linux 5.0.1 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547

Released: Feb 21, 2016     Updated: Feb 21, 2016

Summary

Wind River Linux 5.0.1 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547


Affected Product Versions

Wind River Linux 5

Description

=========


As described at https://sourceware.org/bugzilla/show_bug.cgi?id=18665:


When the thisanssizp pointer variable is updated on line 1257 (thisanssizp = anssizp2, i.e. it is assigned a new address), the recvfrom call on line 1282, which takes its size from thisanssizp, uses the wrong size if a new buffer is created after the address was changed at line 1257.

The size used will be whatever was stored at the address assigned at line 1257, not the size of the newly created buffer.

The program will crash if the calculated buffer size is 0. The recvfrom call itself will not crash, but any further access to the buffer after recvfrom has read 0 bytes will crash the program.


To our knowledge, glibc 2.11 to 2.22 are affected.
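
The size/buffer mismatch described above, reduced to a small model as an added example (not glibc's code and not part of the original notice). The names `struct rx`, `grow_buggy`, `grow_fixed`, `model_read` and `run` are hypothetical, and the stale size is set to 0 to match the crash case in the description.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model of the described pattern; NOT glibc source, names hypothetical. */
struct rx {
    unsigned char *buf;  /* buffer the next read fills */
    size_t *sizep;       /* where the read looks up that buffer's size */
};

/* Before: buffer replaced, but the slot sizep points at keeps its old value. */
static int grow_buggy(struct rx *r, size_t newcap) {
    unsigned char *p = malloc(newcap);
    if (p == NULL) return -1;
    r->buf = p;
    return 0;
}

/* After: pointer and size are updated together, so they cannot disagree. */
static int grow_fixed(struct rx *r, size_t newcap) {
    unsigned char *p = malloc(newcap);
    if (p == NULL) return -1;
    r->buf = p;
    *r->sizep = newcap;
    return 0;
}

/* Stand-in for recvfrom(): delivers at most *sizep bytes of msg. */
static size_t model_read(struct rx *r, const unsigned char *msg, size_t len) {
    size_t n = len < *r->sizep ? len : *r->sizep;
    memcpy(r->buf, msg, n);
    return n;
}

/* Retarget sizep to a slot holding `stale`, grow, read a constructed 32-byte message. */
static size_t run(int fixed, size_t stale, size_t newcap) {
    unsigned char first[16], msg[32] = {0};
    size_t size1 = sizeof first, size2 = stale;
    struct rx r = { first, &size1 };
    r.sizep = &size2;  /* models the `thisanssizp = anssizp2` step */
    if ((fixed ? grow_fixed : grow_buggy)(&r, newcap) != 0) return 0;
    size_t n = model_read(&r, msg, sizeof msg);
    free(r.buf);
    return n;
}

int main(void) {
    printf("buggy: %zu bytes, fixed: %zu bytes\n", run(0, 0, 64), run(1, 0, 64));
    return 0;
}
```

With a stale size of 0 the buggy path delivers no bytes into the new 64-byte buffer, so a caller that goes on to parse the buffer without checking the returned length is reading data that was never received.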


Verification

=========


To verify the patch, there is a solution posted on GitHub at https://github.com/fjserna/cve-2015-7547


To run the Python script, which acts as a malicious DNS server in the test, you need to run make -C build python and install the Python module RPMs on the target.


Patching

=========


wrlinux/configure --enable-build-libc


make -C build wrl-glibc-rebuild.patch


cd build/wrl-glibc-rebuild-2.15-4.6a-149-r2/glibc-2.15-4.6a-149/


patch -Np2 < ~/cve-2015-7547.patch

If you have any questions, please contact Wind River Support at +1-800-872-4977 or your local Wind River representative.

