CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665). - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Carlos O'Donell <carlos@systemhalted.org>	2016-02-16 21:26:37 -0500
committer	Mike Frysinger <vapier@gentoo.org>	2016-02-16 22:16:35 -0500
commit	b995d95a5943785be3ab862b2d3276f3b4a22481 (patch)
tree	5a06b3f7b6f8bcb4377aaabaedf9395d5141d18c /nptl/Makefile
parent	4660fb2714c52dba4addab496b3f1ae8e6c633b3 (diff)
download	glibc-b995d95a5943785be3ab862b2d3276f3b4a22481.tar.gz glibc-b995d95a5943785be3ab862b2d3276f3b4a22481.tar.xz glibc-b995d95a5943785be3ab862b2d3276f3b4a22481.zip

CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug 18665).

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

See also:
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html

(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca)

Diffstat (limited to 'nptl/Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: