CVE-2015-7547: glibc libresolve vulnerability

CVE ID

CVE-2015-7547

DESCRIPTION

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

Unitrends risk assessment: Severity High

Remote code execution is possible, but not straightforward. It requires bypassing the security mitigations present on the system, such as ASLR.

RESOLUTION

Fixed in CentOS6 update versions glibc-2.12-1.166.el6_7.7 and later.

To update to the new version of glibc with the fix, contact support for the EAPP-601 security update.

CentOS5 systems are not affected.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us