A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
Find out more about CVE-2015-7547 from the MITRE CVE dictionary and NIST NVD.
After updating the glibc package on affected systems, it is strongly recommended to reboot the system or restart all the affected services. For more information please refer to: https://access.redhat.com/articles/2161461
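One way to see which services the restart advice applies to, as an added example that is not part of Red Hat's advisory: a process started before the update keeps the replaced library mapped, and the kernel marks that mapping `(deleted)` in `/proc/PID/maps`. The function names and the sample PIDs, addresses and library versions are constructed for illustration.

```bash
#!/bin/bash
# Added example (not Red Hat tooling): report processes that still map the
# pre-update glibc. Installing the new package replaces the files on disk, but
# a running process keeps the old inode mapped until it is restarted.

# libc plus the resolver pieces named in the advisory (libresolv, nss_dns).
STALE_RE='/lib(c|resolv|nss_dns)[-.][^/]* \(deleted\)$'

# stale_libs MAPS_FILE: print each stale glibc library path found, once.
stale_libs() {
    grep -E "$STALE_RE" "$1" 2>/dev/null | awk '{print $6}' | sort -u
}

# report_stale [PROC_ROOT]: one "pid<TAB>name<TAB>libs" line per stale process.
# Returns 0 when something still needs a restart, 1 when nothing does.
report_stale() {
    root="${1:-/proc}"; found=1
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        libs=$(stale_libs "$dir/maps" | tr '\n' ' ')
        [ -n "$libs" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "${dir##*/}" "$name" "${libs% }"
        found=0
    done
    return "$found"
}

# write_sample DIR: constructed /proc-like fixture (made-up PIDs and addresses).
write_sample() {
    mkdir -p "$1/101" "$1/202"
    echo sshd > "$1/101/comm"; echo crond > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a10000000-7f3a101b7000 r-xp 00000000 fd:00 1311 /usr/lib64/libc-2.17.so (deleted)
7f3a10400000-7f3a10416000 r-xp 00000000 fd:00 1340 /usr/lib64/libresolv-2.17.so (deleted)
7f3a10800000-7f3a10a30000 r-xp 00000000 fd:00 1502 /usr/lib64/libcrypto.so.1.0.1e
EOF
    cat > "$1/202/maps" <<'EOF'
7f9b20000000-7f9b201b7000 r-xp 00000000 fd:00 2977 /usr/lib64/libc-2.17.so
7f9b20400000-7f9b20407000 r-xp 00000000 fd:00 1290 /usr/lib64/libcap.so.2.22 (deleted)
EOF
}

# Usage: pass "scan" (as root) to check the live system, "sample" for the fixture.
case "${1:-}" in
    scan)   report_stale /proc ;;
    sample) d=$(mktemp -d) && write_sample "$d" && report_stale "$d"; rm -rf "$d" ;;
esac
```

Statically linked programs embed their own copy of glibc and never show up in this list; they have to be rebuilt against the fixed library rather than restarted.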
Metric | Value |
---|---|
Base Score | 6.8 |
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux Extended Update Support 6.6 (glibc) | RHSA-2016:0225 | 2016-02-16 |
Red Hat Enterprise Linux 7 (glibc) | RHSA-2016:0176 | 2016-02-16 |
Red Hat Enterprise Linux Advanced Update Support 6.5 (glibc) | RHSA-2016:0225 | 2016-02-16 |
Red Hat Enterprise Linux Advanced Update Support 6.4 (glibc) | RHSA-2016:0225 | 2016-02-16 |
Red Hat Enterprise Linux 6 (glibc) | RHSA-2016:0175 | 2016-02-16 |
Red Hat Enterprise Linux Extended Update Support 7.1 (glibc) | RHSA-2016:0225 | 2016-02-16 |
Red Hat Enterprise Linux Advanced Update Support 6.2 (glibc) | RHSA-2016:0225 | 2016-02-16 |
RHEV Hypervisor for RHEL-6 | RHSA-2016:0277 | 2016-02-19 |
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts (rhev-hypervisor7) | RHSA-2016:0277 | 2016-02-19 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux Extended Update Support 7.2 | rhel-guest-image | Affected |
Red Hat Enterprise Linux Extended Update Support 6.7 | guest-images | Affected |
Red Hat Enterprise Linux 5 | glibc | Not affected |
Red Hat Enterprise Linux 4 | glibc | Not affected |
Red Hat Enterprise Linux 3 | glibc | Not affected |