Wind River Support Network

Wind River Linux 8.0 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547

Released: Feb 19, 2016     Updated: Feb 21, 2016

Summary

Wind River Linux 8.0 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547


Affected Product Versions

Wind River Linux 8, Wind River Linux 5, Wind River Linux 6, Wind River Linux 7

Description

=========


As described at [https://sourceware.org/bugzilla/show_bug.cgi?id=18665](https://sourceware.org/bugzilla/show_bug.cgi?id=18665):


When the thisanssizp pointer variable is updated on line 1257 (thisanssizp = anssizp2, i.e. assigned a new address), the recvfrom function on line 1282 uses the wrong size through thisanssizp if a new buffer is created after the thisanssizp address has been changed at line 1257.

The size of the buffer used will be what was stored at the address assigned at line 1257, and not the size of the newly created buffer.

The program will crash if the calculated size of the buffer used is 0. The recvfrom function itself will not crash, but any further access to the buffer after recvfrom has read 0 bytes will crash the program.
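
The size/buffer mismatch described above, reduced to a small model. This is an added example, not glibc code and not part of the advisory: only thisanssizp and anssizp2 are names from the description, while anssizp, plan_recv, fake_recv, demo, struct target and NEW_BUF_SIZE are assumptions made for illustration. fake_recv stands in for recvfrom and rejects a length larger than the buffer, so the model never writes out of bounds.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NEW_BUF_SIZE 65536          /* assumed size of the replacement buffer */

struct target {                     /* what the receive call would be given */
    unsigned char *buf;
    size_t cap;                     /* true capacity of buf */
    int len;                        /* length argument read from *thisanssizp */
};

/* fix_it == 0: flawed pattern, the size slot is not updated for the new buffer.
 * fix_it == 1: the new buffer's size is written through thisanssizp. */
static struct target plan_recv(int *anssizp, int *anssizp2, int fix_it)
{
    struct target t;
    int *thisanssizp = anssizp;
    thisanssizp = anssizp2;         /* pointer now names a different size slot */
    t.buf = malloc(NEW_BUF_SIZE);   /* new buffer created after the reassignment */
    t.cap = t.buf ? NEW_BUF_SIZE : 0;
    if (fix_it)
        *thisanssizp = (int)t.cap;  /* keep size and buffer in step */
    t.len = *thisanssizp;
    return t;
}

/* Bounded stand-in for recvfrom(): refuses a length larger than the buffer. */
static int fake_recv(struct target *t, const unsigned char *pkt, size_t pktlen)
{
    size_t n;
    if (t->buf == NULL || t->len < 0 || (size_t)t->len > t->cap)
        return -1;                  /* would write past the end of buf */
    n = pktlen < (size_t)t->len ? pktlen : (size_t)t->len;
    memcpy(t->buf, pkt, n);
    return (int)n;
}

/* Constructed input: a 100-byte reply; the second size slot holds `stale`. */
static int demo(int stale, int fix_it)
{
    unsigned char pkt[100] = {0};
    int anssizp = 2048, anssizp2 = stale, got;
    struct target t = plan_recv(&anssizp, &anssizp2, fix_it);
    got = fake_recv(&t, pkt, sizeof pkt);
    free(t.buf);
    return got;
}

int main(void) { return demo(0, 1) == 100 ? 0 : 1; }
```

With a stale size of 0 the flawed path receives 0 bytes, which is the case the description says leads to a crash on later buffer access; with the size kept in step, all 100 bytes are received.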


To our knowledge, glibc 2.11 to 2.22 are affected.


Verification

=========


To verify the patch, there's a solution posted on GitHub: [https://github.com/fjserna/cve-2015-7547](https://github.com/fjserna/cve-2015-7547)


You would need to run make -C build python and install the Python module RPMs on the target in order to run the Python script, which works as a malicious DNS server in the test.


Patching

========


    make -C build glibc.patch
    cd build/glibc/git
    patch -Np1 < ~/cve-2015-7547-wrl8.patch

