localhost exposed


CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Sources:

What?

During upstream review of the public open bug 18665 for glibc, it was
discovered that the bug could lead to a stack-based buffer overflow. The
flaw sits in the DNS resolver code behind getaddrinfo(): a lookup with
AF_UNSPEC sends A and AAAA queries in parallel and reads the answers into
a 2048-byte stack buffer, and when a response is larger than that a buffer
management error lets the oversized response be written into the stack
buffer even though a larger heap buffer has been allocated for it. The bug
was introduced in glibc 2.9 and is fixed in glibc 2.23.

Exploitation

Remote code execution is possible, but not straightforward: it requires bypassing the security mitigations present on the system, such as ASLR and a non-executable stack. The overflow is reachable by anyone who can get a crafted response to the vulnerable resolver, whether through an attacker-controlled domain name, an attacker-controlled DNS server, or a man-in-the-middle position between the host and its recursive resolver.

Mitigations

None of the factors below is a substitute for updating glibc: the fix is in
glibc 2.23 and in vendor backports, and because the library is mapped by
nearly every process, every affected process must be restarted (or the host
rebooted) and statically linked binaries rebuilt.

- Mitigating factors for UDP include:
  - A firewall that drops UDP DNS packets > 512 bytes.
  - A local resolver (that drops non-compliant responses).
  - Avoiding dual A and AAAA queries, which is the code path with the
    buffer management error, e.g. by not passing AF_UNSPEC to
    getaddrinfo().
  - No use of `options edns0` in /etc/resolv.conf, since EDNS0 allows
    responses larger than 512 bytes and can lead to valid DNS responses
    that overflow.
  - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC`, since both can lead to
    valid, large EDNS0-based DNS responses that overflow.

- Mitigating factors for TCP include:
  - Limit all replies to 1024 bytes.
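The "do not use AF_UNSPEC" item and the EDNS0/DNSSEC items above, worked into code. This is an added example, not code from the original page or from glibc: the resolver wrapper keeps the usual dual-stack result by asking getaddrinfo() for AF_INET6 and then AF_INET in two separate calls, so the parallel A+AAAA query path is never entered, and the second function checks a resolver options word for RES_USE_EDNS0 / RES_USE_DNSSEC. The function names are this example's own, and the default input is a numeric literal so the program runs without a network.

```c
/* Added example (not from the original page or from glibc): dual-stack
 * name resolution without AF_UNSPEC, plus a check of the resolver option
 * bits that allow UDP answers larger than 512 bytes. */
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <resolv.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Resolve `host` one address family at a time and copy the addresses into
 * `out` (at most `max` entries).  With an explicit ai_family each
 * getaddrinfo() call sends a single query type, so the parallel A+AAAA
 * path (the buffer-management code behind CVE-2015-7547) is never used.
 * AAAA is asked first so IPv6 addresses lead the list, as AF_UNSPEC
 * usually would.  Returns the number of addresses stored. */
int resolve_per_family(const char *host, int extra_flags,
                       struct sockaddr_storage *out, int max)
{
    static const int families[] = { AF_INET6, AF_INET };
    int n = 0;

    for (size_t i = 0; i < sizeof families / sizeof families[0]; i++) {
        struct addrinfo hints, *res = NULL, *p;
        memset(&hints, 0, sizeof hints);
        hints.ai_family = families[i];     /* never AF_UNSPEC */
        hints.ai_socktype = SOCK_STREAM;   /* one entry per address */
        hints.ai_flags = extra_flags;

        /* A family that does not resolve (or, with AI_NUMERICHOST, does
         * not parse) is simply skipped, as AF_UNSPEC would skip it. */
        if (getaddrinfo(host, NULL, &hints, &res) != 0)
            continue;
        for (p = res; p != NULL && n < max; p = p->ai_next) {
            memcpy(&out[n], p->ai_addr, p->ai_addrlen);
            n++;
        }
        freeaddrinfo(res);   /* each list is freed on its own */
    }
    return n;
}

/* Return nonzero if the resolver option bits include either flag that
 * lets a compliant server send responses larger than 512 bytes over UDP
 * (set by "options edns0" in resolv.conf, RES_OPTIONS, or by code). */
int res_options_allow_large_udp(unsigned long options)
{
    return (options & (RES_USE_EDNS0 | RES_USE_DNSSEC)) != 0;
}

/* Format one stored address for display. */
static const char *addr_to_string(const struct sockaddr_storage *ss,
                                  char *buf, size_t len)
{
    const void *src = (ss->ss_family == AF_INET6)
        ? (const void *)&((const struct sockaddr_in6 *)ss)->sin6_addr
        : (const void *)&((const struct sockaddr_in *)ss)->sin_addr;
    return inet_ntop(ss->ss_family, src, buf, len) ? buf : "?";
}

int main(int argc, char **argv)
{
    /* Default input is a numeric literal so the program runs offline;
     * pass a hostname on the command line to do a real lookup. */
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    int flags = argc > 1 ? 0 : AI_NUMERICHOST;
    struct sockaddr_storage addrs[16];
    char text[INET6_ADDRSTRLEN];

    int n = resolve_per_family(host, flags, addrs, 16);
    for (int i = 0; i < n; i++)
        printf("%s -> %s\n", host, addr_to_string(&addrs[i], text, sizeof text));

#if defined(__GLIBC__)
    /* Audit this process's own resolver configuration after res_init(). */
    if (res_init() == 0)
        printf("resolver options %#lx: large UDP answers %s\n",
               _res.options,
               res_options_allow_large_udp(_res.options) ? "ALLOWED"
                                                         : "not enabled");
#endif
    return 0;
}
```

This only protects code you control; everything else on the host that links glibc and resolves names with AF_UNSPEC, which is most software, is still exposed, which is why the list above calls these mitigating factors rather than fixes. The `_res` check reports what the running process actually sees after `res_init()`, so it also catches options injected through the RES_OPTIONS environment variable rather than only those written in /etc/resolv.conf.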
