Wind River Support Network

HomeSecurity NoticesWind River Linux 4.3 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547
Recommended

Wind River Linux 4.3 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547

Released: Feb 22, 2016     Updated: Feb 22, 2016

Summary

Wind River Linux 4.3 Security Alert for glibc getaddrinfo() stack-based buffer overflow -- CVE-2015-7547


Product Version

Wind River Linux 4

Downloads


Description

As described at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547


When the thisanssizp pointer variable on line 1257 is updated, thisanssizp = anssizp2, i.e assigned a new address, this change causes the thisanssizp pointer variable used in the recvfrom function on line 1282 to use the wrong size if a new buffer is created after the thisanssizp address has been changed at line 1257.


The size of the buffer used will be what was stored at the address assigned at line 1257, and not the size of the newly created buffer.


The program will crash if the calculated size of the buffer used is 0. The recvfrom function will not crash, but any further accesses to the buffer where the bytes read was 0 from the recvfrom function will crash the program.


To our knowledge, glibc 2.11 to 2.22 are affected.


Verification

To verify the patch, there's a solution posted on github.


You would need to make -C build python and install python module RPMs to target to run the python script which works as a malicious DNS server in the test.


Patching

  1. Request to upgrade WRL4.3 RCPL 32
  2. cd product/wrlinux-4/layers/updates/RCPL-4.3-WRL.0032/wrll-toolchain-4.4a-466/
  3. git apply 0001-fix-build_libc-regression-in-4.4a-466-toolchain.patch
  4. Create a new project
  5. wrlinux/configure ... --with-template=feature/build_libc
  6. make -C build glibc.patch
  7. cd build/glibc-2.11
  8. patch -p2 < CVE-2015-7547-wr4.patch
  9. cd ../../
  10. make fs


For any questions, please contact Wind River Support at +1-800-872-4977 or your local Wind River representative


Installation Notes

Request to upgrade WRL4.3 RCPL 32


Live chat
Online