Wind River Support Network


Wind River Linux 4.3 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547

Released: Feb 22, 2016     Updated: Feb 22, 2016

Summary

Wind River Linux 4.3 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547


Affected Product Versions

Wind River Linux 4


Description

As described at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547


When the thisanssizp pointer variable is updated on line 1257 (thisanssizp = anssizp2, i.e., assigned a new address), the recvfrom call on line 1282, which takes its size through thisanssizp, uses the wrong size if a new buffer is created after the address was changed at line 1257.


The size of the buffer used will be what was stored at the address assigned at line 1257, and not the size of the newly created buffer.


The program will crash if the calculated size of the buffer used is 0. The recvfrom function itself will not crash, but any further access to the buffer after recvfrom has read 0 bytes will crash the program.
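
The size mismatch described above, reduced to a small C model. This is an added example, not glibc source and not Wind River's patch; thisanssizp and anssizp2 are the names used in the description, while recv_plan, plan_recv, plan_is_safe and the sample sizes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the bookkeeping only; not glibc source. */
struct recv_plan {
    size_t capacity; /* real size of the buffer recvfrom would fill */
    size_t recv_len; /* length argument recvfrom would be given */
};

/* stored: value already held where anssizp2 points (constructed input).
 * new_capacity: size of the buffer created after the reassignment.
 * sync: 0 models the flaw, 1 refreshes the size for the new buffer. */
static struct recv_plan plan_recv(size_t stored, size_t new_capacity, int sync)
{
    size_t anssiz2 = stored;
    size_t *anssizp2 = &anssiz2;
    size_t *thisanssizp = anssizp2;               /* pointer gets a new address */
    unsigned char *newbuf = malloc(new_capacity); /* new buffer created afterwards */
    struct recv_plan p = { 0, 0 };

    if (newbuf == NULL)
        return p;
    if (sync)
        *thisanssizp = new_capacity; /* keep the size in step with the buffer */
    p.capacity = new_capacity;
    p.recv_len = *thisanssizp;       /* what the receive call would trust */
    free(newbuf);
    return p;
}

/* Guard before receiving: reject a zero or oversized length. */
static int plan_is_safe(struct recv_plan p)
{
    return p.recv_len != 0 && p.recv_len <= p.capacity;
}

int main(void)
{
    struct recv_plan stale = plan_recv(65536, 2048, 0);
    struct recv_plan zero  = plan_recv(0, 2048, 0);
    struct recv_plan fixed = plan_recv(65536, 2048, 1);

    printf("stale: len=%zu cap=%zu safe=%d\n", stale.recv_len, stale.capacity, plan_is_safe(stale));
    printf("zero:  len=%zu cap=%zu safe=%d\n", zero.recv_len, zero.capacity, plan_is_safe(zero));
    printf("fixed: len=%zu cap=%zu safe=%d\n", fixed.recv_len, fixed.capacity, plan_is_safe(fixed));
    return 0;
}
```

The stale and zero cases both fail the guard, which corresponds to the wrong-size and size-0 conditions in the description.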


To our knowledge, glibc 2.11 to 2.22 are affected.


Verification

To verify the patch, there's a solution posted on GitHub.


To run the test, you need to build Python with make -C build python and install the Python module RPMs on the target. The Python script acts as a malicious DNS server in the test.


Patching

  1. Request to upgrade WRL4.3 RCPL 32
  2. cd product/wrlinux-4/layers/updates/RCPL-4.3-WRL.0032/wrll-toolchain-4.4a-466/
  3. git apply 0001-fix-build_libc-regression-in-4.4a-466-toolchain.patch
  4. Create a new project
  5. wrlinux/configure … --with-template=feature/build_libc
  6. make -C build glibc.patch
  7. cd build/glibc-2.11
  8. patch -p2 < CVE-2015-7547-wr4.patch
  9. cd ../../
  10. make fs


For any questions, please contact Wind River Support at +1-800-872-4977 or your local Wind River representative.


Installation Notes

Request to upgrade WRL4.3 RCPL 32

