Wind River Linux 5.0.1 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547
Description
=========
As described at https://sourceware.org/bugzilla/show_bug.cgi?id=18665:
When the thisanssizp pointer variable on line 1257 is updated, thisanssizp = anssizp2, i.e. assigned a new address,
this change causes the thisanssizp pointer variable used in the recvfrom function on line 1282 to use the
wrong size if a new buffer is created after the thisanssizp address has been changed at line 1257.
The size of the buffer used will be what was stored at the address assigned at line 1257, and not the size of the newly created buffer.
The program will crash if the calculated size of the buffer used is 0. The recvfrom function will
not crash, but any further accesses to the buffer where the bytes read was 0 from the recvfrom function
will crash the program.
To our knowledge, glibc 2.11 to 2.22 are affected.
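The size mismatch described above, reduced to a small C model as an added example (this is not glibc source and not the Wind River patch). The struct, function names and buffer sizes are assumptions made for illustration; only thisanssizp and the anssiz naming echo the bug report, and the corrected ordering shown is one way to keep size and buffer in step.

```c
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not glibc source. Names and sizes are constructed. */
struct recv_plan {
    size_t capacity; /* real size of the buffer that would be written */
    size_t limit;    /* length that would be passed to recvfrom() */
};

/* A plan is safe only if the limit is non-zero and fits the buffer. */
int plan_is_safe(struct recv_plan p)
{
    return p.limit > 0 && p.limit <= p.capacity;
}

/* Buggy ordering: the size pointer is re-pointed first, the buffer is
 * replaced afterwards, and the limit is still read through the pointer. */
struct recv_plan plan_buggy(size_t anssiz2, size_t newsize)
{
    size_t anssiz1 = 2048;               /* size of the original buffer */
    size_t *thisanssizp = &anssiz1;
    struct recv_plan p = {anssiz1, 0};
    char *newbuf;

    thisanssizp = &anssiz2;              /* pointer now names another size */
    newbuf = malloc(newsize);            /* new buffer created afterwards */
    if (newbuf != NULL)
        p.capacity = newsize;
    p.limit = *thisanssizp;              /* size stored at the assigned address */
    free(newbuf);
    return p;
}

/* Corrected ordering (assumed fix pattern): replacing the buffer also
 * updates the size the receive call reads, so the two cannot disagree. */
struct recv_plan plan_fixed(size_t anssiz2, size_t newsize)
{
    size_t *thisanssizp = &anssiz2;
    struct recv_plan p = {0, 0};
    char *newbuf = malloc(newsize);

    p.capacity = (newbuf != NULL) ? newsize : 0;
    *thisanssizp = p.capacity;           /* keep size and buffer in step */
    p.limit = *thisanssizp;
    free(newbuf);
    return p;
}
```

With a stored size of 0 and a new 4096-byte buffer, plan_buggy yields a limit of 0 (the crash case in the description), while plan_fixed yields a limit equal to the real capacity.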
Verification
=========
To verify the patch, there is a solution posted on GitHub at https://github.com/fjserna/cve-2015-7547
To run it, you need to run "make -C build python" and install the Python module RPMs on the target. The Python script acts as a malicious DNS server in the test.
Patching
=========
wrlinux/configure --enable-build-libc
make -C build wrl-glibc-rebuild.patch
cd build/wrl-glibc-rebuild-2.15-4.6a-149-r2/glibc-2.15-4.6a-149/
patch -Np2 < ~/cve-2015-7547.patch
If you have any questions, please contact Wind River Support at +1-800-872-4977 or your local Wind River representative.