Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) prior to 2.23 allow remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
Vulnerable Product |
---|
debian debian linux 8.0 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |
hp server migration pack 7.5 |
hp helion openstack 1.1.1 |
hp helion openstack 2.1.0 |
hp helion openstack 2.0.0 |
sophos unified threat management software 9.319 |
sophos unified threat management software 9.355 |
suse linux enterprise server 11.0 |
suse linux enterprise debuginfo 11.0 |
suse linux enterprise software development kit 11.0 |
suse linux enterprise software development kit 12 |
suse linux enterprise desktop 11.0 |
suse linux enterprise server 12 |
suse linux enterprise desktop 12 |
opensuse opensuse 13.2 |
suse suse linux enterprise server 12 |
oracle exalogic infrastructure 1.0 |
oracle exalogic infrastructure 2.0 |
f5 big-ip local traffic manager 12.0.0 |
f5 big-ip policy enforcement manager 12.0.0 |
f5 big-ip application acceleration manager 12.0.0 |
f5 big-ip access policy manager 12.0.0 |
f5 big-ip analytics 12.0.0 |
f5 big-ip advanced firewall manager 12.0.0 |
f5 big-ip domain name system 12.0.0 |
f5 big-ip application security manager 12.0.0 |
f5 big-ip link controller 12.0.0 |
oracle fujitsu m10 firmware |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux server aus 7.2 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux hpc node 7.0 |
redhat enterprise linux server eus 7.2 |
redhat enterprise linux hpc node eus 7.2 |
gnu glibc 2.9 |
gnu glibc 2.11 |
gnu glibc 2.10.1 |
gnu glibc 2.17 |
gnu glibc 2.14 |
gnu glibc 2.22 |
gnu glibc 2.20 |
gnu glibc 2.13 |
gnu glibc 2.12.1 |
gnu glibc 2.19 |
gnu glibc 2.10 |
gnu glibc 2.14.1 |
gnu glibc 2.11.2 |
gnu glibc 2.16 |
gnu glibc 2.18 |
gnu glibc 2.11.3 |
gnu glibc 2.11.1 |
gnu glibc 2.21 |
gnu glibc 2.15 |
gnu glibc 2.12 |
gnu glibc 2.12.2 |

Glibc bug – dubbed Skeleton Key – could persist in caches
Exclusive Dan Kaminsky, the man who could have broken DNS but fixed it instead, is warning that the glibc bug found by Red Hat and Google could be much worse than anyone has predicted. "I've seen a lot of bugs, but this bug was written in May 2008, right at end of my own patching effort on DNS," Kaminsky told The Register on Friday night, referring to his previous research into DNS insecurity in that year. "I'm busy fixing one bug and someone writes another. It took a decade to fix my flaw and I...
Buffer overflow found in glibc
A huge amount of Linux software can be hijacked by hackers from the other side of the internet, thanks to a serious vulnerability in the GNU C Library (glibc). Simply clicking on a link or connecting to a server can lead to remote code execution, allowing scumbags to steal passwords, spy on users, attempt to seize control of computers, and so on. Any software that connects to things on a network or the internet, and uses glibc, is at risk. The glibc library is a vital component in the vast major...