Threat Advisory: Critical glibc Flaw Puts Linux Machines at Risk

February 17, 2016

The GNU C Library (glibc) is a collection of open source code that powers thousands of applications and is a key component of most Linux distributions. A highly critical vulnerability has been uncovered in it. The vulnerability, indexed as CVE-2015-7547, is a stack-based buffer overflow in glibc's client-side DNS resolver, which translates human-readable domain names, like google.com, into network IP addresses.

The buffer overflow is triggered when the getaddrinfo() library function, which performs domain-name lookups, is in use, allowing hackers to remotely execute malicious code. The flaw can be exploited when an affected device or app makes queries to a malicious DNS server that returns too much information to a lookup request and floods the program's memory with code. This code then compromises the vulnerable application or device and tries to take control over the whole system.

Alternatively, an attacker could perform a man-in-the-middle attack and tamper with DNS replies by monitoring and manipulating the data flowing between a vulnerable device and the Internet.
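A defender-side check for the condition described above, a DNS reply larger than a resolver should accept, whether it comes from a malicious server or a tampered path. This is an added example, not code from this advisory or from glibc; the 2048-byte threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

# Assumed alerting threshold in bytes (not a figure from this advisory); tune per network.
MAX_REPLY_BYTES = 2048

def classify(msg: bytes, limit: int = MAX_REPLY_BYTES) -> str:
    """Classify one DNS message (UDP payload, or TCP message without its length prefix)."""
    if len(msg) < 12:                      # the fixed DNS header is 12 bytes
        return "malformed"
    _txid, flags = struct.unpack("!HH", msg[:4])
    if not flags & 0x8000:                 # QR bit clear: a query, not a reply
        return "query"
    return "oversized" if len(msg) > limit else "ok"

def scan_tcp_stream(stream: bytes, limit: int = MAX_REPLY_BYTES) -> list:
    """Split a server-to-client TCP DNS stream on its 2-byte length prefixes
    and classify each message in order."""
    verdicts, off = [], 0
    while off < len(stream):
        if off + 2 > len(stream):          # dangling byte, no full length prefix
            verdicts.append("incomplete")
            break
        (length,) = struct.unpack("!H", stream[off:off + 2])
        body = stream[off + 2:off + 2 + length]
        if len(body) < length:             # capture ended mid-message
            verdicts.append("incomplete")
            break
        verdicts.append(classify(body, limit))
        off += 2 + length
    return verdicts

def make_reply(txid: int, size: int) -> bytes:
    """Constructed sample: a reply header (QR=1, RD=1, RA=1) zero-padded to `size` bytes."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    return header + b"\x00" * (size - len(header))

def frame(msg: bytes) -> bytes:
    """Prepend the TCP length prefix to a DNS message."""
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    small, large = make_reply(0x1234, 90), make_reply(0x1235, 3000)
    query = struct.pack("!6H", 0x1236, 0x0100, 1, 0, 0, 0)
    print(classify(small), classify(large), classify(query))
    print(scan_tcp_stream(frame(small) + frame(large) + frame(large)[:100]))
```

Feed `classify` the UDP payloads and `scan_tcp_stream` the reassembled TCP payloads from port 53 traffic captured at the network edge; an "oversized" verdict is a lead for investigation, not proof of exploitation.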

This is a very complex vulnerability. We anticipate multiple patches and vendor technology updates over the coming days. Sourceware has provided a full summary of the solution and steps that should be taken here. Herjavec Group will continue to monitor this vulnerability and notify our customers of appropriate developments as they arise. 

Resources

The official advisory on glibc from Google  

Hacker News Update

Sourceware Update
