6.8
CVSSv2

CVE-2015-7547

Published: 18/02/2016 Updated: 30/11/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 701
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) prior to 2.23 allow remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Vulnerability Trend

Vendor Advisories

GNU C Library could be made to crash or run programs if it received specially crafted network traffic ...
A stack-based buffer overflow flaw was found in the send_dg() and send_vc() functions, used by getaddrinfo() and other higher-level interfaces of glibc A remote attacker able to cause an application to call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application ...
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library Note: this issue is only exposed when libresolv is called ...
ESXi 60 without patch ESXi600-201602401-SG         The glibc library has been updated in multiple products to resolve a stack buffer overflow present in the glibc getaddrinfo function   VMware products have been grouped into the following four categories:   VMware recommends customers evaluate and deploy patches for affected products in T ...
Debian Bug report logs - #812455 glibc: CVE-2015-8779: Unbounded stack allocation in catopen function Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 Jan 2016 00:45:01 UTC Severity: important Tags ...
<!-- Start - Changes for Security Advisory Channel --> Security Advisory ID SYMSA1348 Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score: Legacy ID 19 Feb 2016 Closed High CVSS v2: 93 SA1 ...
Debian Bug report logs - #812445 glibc: CVE-2015-8776: Segmentation fault caused by passing out-of-range data to strftime() Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers &lt;debian-glibc@listsdebianorg&gt;; Reported by: Salvatore Bonaccorso &lt;carnil@debianorg&gt; Date: Sat, 23 Jan 2016 23:42:02 UTC Se ...
Debian Bug report logs - #812441 glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers &lt;debian-glibc@listsdebianorg&gt;; Reported by: Salvatore Bonaccorso &lt;carnil@debianorg&gt; Date: Sat, 23 Jan 2016 23:36:02 UTC Severity: important Tags: fix ...
A vulnerability has been recently disclosed in the glibc getaddrinfo() function This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function The issue has been assigned the following CVE identifier: CVE-2015-7547:  cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2015-7547 ...
Several vulnerabilities have been fixed in the GNU C Library, glibc The first vulnerability listed below is considered to have critical impact CVE-2015-7547 The Google Security Team and Red Hat discovered that the glibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could misman ...
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community CVE-2015-7547 GNU C Library (glibc) Security Vulnerability Article Number: 000008611 Products: Data Sec ...
The Tenable Appliance is built on a Linux distribution that utilizes the GNU C Library (glibc) A vulnerability was recently reported impacting glibc, which may impact the Appliance According to the researchers, glibc contains an overflow condition in the send_dg() and send_vc() functions in libresolv resolv/res_sendc where input is not properly ...
Oracle Critical Patch Update Advisory - April 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory ...
Oracle Linux Bulletin - January 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...
Oracle Critical Patch Update Advisory - January 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Exploits

/* add by SpeeDr00t@Blackfalcon (jang kyoung chip) This is a published vulnerability by google in the past Please refer to the link below Reference: - googleonlinesecurityblogspotkr/2016/02/cve-2015-7547-glibc-getaddrinfo-stackhtml - githubcom/fjserna/CVE-2015-7547 - CVE-2015-7547: glibc getaddrinfo stack-based buffer ov ...
Sources: googleonlinesecurityblogspotsg/2016/02/cve-2015-7547-glibc-getaddrinfo-stackhtml githubcom/fjserna/CVE-2015-7547 Technical information: glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query Later on, at send_dg() and send_vc(), ...

Mailing Lists

glibc getaddrinfo stack-based buffer overflow exploit that leverages the priorly disclosed issue by Google ...
SEC Consult Vulnerability Lab Security Advisory &lt; 20190904-0 &gt; ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, ...
SEC Consult Vulnerability Lab Security Advisory &lt; 20190904-0 &gt; ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, ...
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Github Repositories

test script for CVE-2015-7547

CVE-2015-7547 glibc vulnerability test script This provides a shell script for testing the glibc vulnerability CVE-2015-7547 It's written for rpm based systems such as Red Hat Enterprise Linux / RHEL / CentOS (5/6/7) Detection for other distributions may follow Resolution Run bin/test-glibcsh to check if your system is vulnerable Update the glibc packages Reboot the s

CVE-2015-7547 initial research.

Initial work on glibc exploit (CVE-2015-7547) Currently just returns to libc and calls system to provide a shell This version does not account for ASLR yet, that will be released soon

CVE-2015-7547 githubcom/fjserna/CVE-2015-7547 で CentOS6でいろいろ落ちるかやってみた。 /CVE-2015-7547-pocpy &amp; vi /etc/resolveconf --------------------------------------------------------------- options single-request-reopen #nameserver 8888 nameserver 127001 --------------------------------------------------------------- PHPの関数

Small script to patch CVE-2015-7547

Patcher script for CVE-2015-7547 Usage Clone it: git clone githubcom/MrAwesomeBro/glibc-patchergit Chmod it: chmod +x glibc_patcher Run it: /glibc_patcher

Small script to patch CVE-2015-7547

Patcher script for CVE-2015-7547 Usage Clone it: git clone githubcom/MrAwesomeBro/glibc-patchergit Chmod it: chmod +x glibc_patcher Run it: /glibc_patcher

Create a Debian base system at a specific time in the past

timemachine-debian What is timemachine? timemachine is a tool that automatically creates a Docker image of a Debian base system at a specific time in the past Why do we need timemachine? timemachine is used to reproduce security vulnerabilities In order to do so, a system with a specific package version, eg, the vulnerable glibc 29 in the CVE-2015-7547, and more impo

CVE-2015-7547 initial research.

Initial work on glibc exploit (CVE-2015-7547) Currently just returns to libc and calls system to provide a shell This version does not account for ASLR yet, that will be released soon

PoC attack server for CVE-2015-7547 buffer overflow vulnerability in glibc DNS stub resolver (public version)

PoC attack server for CVE-2015-7547 vulnerability in glibc DNS stub resolver To test on local machine with a vulnerable glibc version: user@localhost:/$ echo 'nameserver 12700127' | sudo tee /etc/resolvconf user@localhost:/$ echo 'nameserver 12700127' | sudo tee -a /etc/resolvconf user@localhost:/$ sudo python3 attack-serverpy 12700127 Starting U

exploits CVE-2016-5342 CVE-2015-7547

CVE-2015-0235

CVE-glibc CVE-2015-0235 glibc Get Host by Name Issue Copy and paste to get/check wget githubcom/alanmeyer/CVE-glibc/raw/master/get-GHOSTsh chmod +x get-GHOSTsh /get-GHOSTsh References: ####googleonlinesecurityblogspotcom/2016/02/cve-2015-7547-glibc-getaddrinfo-stackhtml ####wwwopenwallcom/lists/oss-security/2015/01/27/9 ####webshareuc

简介 安全行业小工具以及学习资源收集项目,此项目部分内容来自:wwwt00lsnet/thread-38964-1-1html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程,学习平台等等。 设备基线加固资料 githubcom/re4lity/Benchmarks

title 黑客工具大搜罗 各种好玩的安全攻防工具。 安全工具(go语言) 序号 名称 项目地址 简介 1 gomitmproxy githubcom/sheepbao/gomitmproxy GomitmProxy是想用golang语言实现的mitmproxy,主要实现http代理,目前实现了http代理和https抓包功能。 2 Hyperfox githubcom/xiam/hyperfox

渗透测试必备工具

-渗透测试必备工具 网上看到渗透测试工具总结不错的文章,转发过来供大家一起学习,链接为:wwwjianshucom/p/9936da5effed 以及wwwsec-redclubcom/indexphp/archives/484/ 如有问题,请联系我! WebGoat漏洞练习环境 githubcom/WebGoat/WebGoat githubcom/WebGoat/WebGoat-Legacy Damn Vulnerable Web Ap

信息记录

Note 漏洞及渗透练习平台: WebGoat漏洞练习平台: githubcom/WebGoat/WebGoat webgoat-legacy漏洞练习平台: githubcom/WebGoat/WebGoat-Legacy zvuldirll漏洞练习平台: githubcom/710leo/ZVulDrill vulapps漏洞练习平台: githubcom/Medicean/VulApps dvwa漏洞练习平台: githubcom/RandomStorm/DVWA 数据库

information security Tools Box (信息安全工具以及资源集合)

简介 安全行业小工具以及学习资源收集项目,此项目部分内容来自:wwwt00lsnet/thread-38964-1-1html 感谢其分享,这里只是作为个人备份,如有问题可邮件通知。 安全资源 安全资源包括安全书籍,资料,安全教程,学习平台等等。 设备基线加固资料 githubcom/re4lity/Benchmarks

网络安全工具汇总

SecurityTools 网络安全工具汇总 漏洞及渗透练习平台 WebGoat漏洞练习环境 githubcom/WebGoat/WebGoat githubcom/WebGoat/WebGoat-Legacy Damn Vulnerable WebApplication(漏洞练习平台) githubcom/RandomStorm/DVWA 数据库注入练习平台 githubcom/Audi-1/sqli-labs 用node编写的漏洞练习平台,like OWASP Node Go

notes some projects in github

Gather of Security tool and blog 其他收录平台或项目传送门 : 开源扫描器收录地址:githubcom/We5ter/Scanners-Box T00ls论坛收集工具集 githubcom/tengzhangchao/Sec-Box 渗透师导航:wwwshentoushitop/ 信息收集工具集:githubcom/redhuntlabs/Awesome-Asset-Discovery K8工具集: githubcom/k8gege/K8

CoreOS Clair Lab - aimed at easily toying around Clair

CoreOS Clair Lab CoreOS Clair is a vulnerability analysis service This lab goals: Use CentOS 7x Vagrant Box Use Docker Official Engine Use Go through the golang container Vagrant This is a CentOS 7 lab, so go for it, with Virtualbox: $ vagrant up --provider=virtualbox The Vagrantfile will automatically provision with latest Docker from official repos pull Clair from Quay

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

Linux kernel EoP exp

linux-kernel-exploits 简介 在github项目:githubcom/SecWiki/linux-kernel-exploits 的基础上增加了最近几年的提权漏洞Exp,漏洞相关信息的搜集在对应漏洞文件夹下的Readmemd。 红队攻击时,可以通过脚本:githubcom/mzet-/linux-exploit-suggester/blob/master/linux-exploit-suggestersh 评估系统可能受到哪些提

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-16995  [Memory corruption caused by BPF verifier] (Linux kern

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-7494  [Samba Remote execution] (Samba 350-464/4510/4414) CVE-2017-7308  [a signedness issue in AF_PACKET sockets]

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820) CVE-2017-1000112  [a memory corruption due to UFO to non-UFO path switch] CVE-2017-16995  [Memory corruption caused by BPF verifier] (Linux kern

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits Linux平台提权漏洞集合

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

linux-kernel-exploits 简介 linux-kernel-exploits 漏洞列表 #CVE  #Description  #Kernels CVE–2018–18955  [map_write() in kernel/user_namespacec allows privilege escalation] (Linux kernel 415x through 419x before 4192) CVE–2018–1000001  [glibc] (glibc &lt;= 226) CVE-2017-1000367  [Sudo] (Sudo 186p7 - 1820)

Localroot-ALL-CVE~

Localroot Collection Linux 2001 // CVE N/A | Sudo prompt overflow in v157 to 165p2 2002 // CVE-2003-0961 | Linux Kernel 2422 - 'do_brk()' Local Privilege Escalation 2003 // CVE-2003-0127 | Linux Kernel 22x/24x (RedHat) - 'ptrace/kmod' Local Privilege Escalation CVE-2003-0961 | Linux Kernel 2422 - 'do_brk()' Local Privilege Es

satellite-host-cve A script to list CVE's that are either installable or applicable for a host (or all hosts) within one organization Altough Satellite6 gives a nice way to handle errata, there are customers who need to have a view based on CVE's and not on security errata What does code do It lists all CVE's for a host, mapped across it's lifecycle path

This repo records all the vulnerabilities of linux software I have reproduced in my local workspace

LinuxFlaw This repo records all the vulnerabilities of linux software I have reproduced in my local workspace If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name All the vulnerable source code packages are stored in source-packages Vmware Workstation Images Image Name username password Ubuntu 810 exploit exploit Ubuntu 1004LTS

Recent Articles

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now
The Register • Iain Thomson in San Francisco • 20 Feb 2016

Glibc bug – dubbed Skeleton Key – could persist in caches

Exclusive Dan Kaminsky, the man who could have broken DNS but fixed it instead, is warning that the glibc bug found by Red Hat and Google could be much worse than anyone has predicted.
"I've seen a lot of bugs, but this bug was written in May 2008, right at end of my own patching effort on DNS," Kaminsky told The Register on Friday night, referring to his previous research into DNS insecurity in that year. "I'm busy fixing one bug and someone writes another. It took a decade to fix my flaw...

Magnitude of glibc Vulnerability Coming to Light
Threatpost • Michael Mimoso • 17 Feb 2016

Not since Stagefright have we had a vulnerability with the scale and reach of the glibc flaw disclosed on Tuesday.
“It’s pretty bad; you don’t get bugs of this magnitude too often,” said Dan Kaminsky, researcher, cofounder and chief scientist at White Ops. “The code path is widely exposed and available, and it yields remote code execution.”
The flaw affects most Linux servers, along with a number of web frameworks and services that make use of the open source GNU C librar...

Patch ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants
The Register • Iain Thomson in San Francisco • 16 Feb 2016

Buffer overflow found in glibc

A huge amount of Linux software can be hijacked by hackers from the other side of the internet, thanks to a serious vulnerability in the GNU C Library (glibc).
Simply clicking on a link or connecting to a server can lead to remote code execution, allowing scumbags to steal passwords, spy on users, attempt to seize control of computers, and so on. Any software that connects to things on a network or the internet, and uses glibc, is at risk.
The glibc library is a vital component in th...

Critical glibc Vulnerability Puts All Linux Machines at Risk
Threatpost • Michael Mimoso • 16 Feb 2016

Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs.
The vulnerability, discovered independently by researchers at Google and Red Hat, has been patched.
The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The fla...

References

CWE-119http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflowhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.htmlhttp://marc.info/?l=bugtraq&m=145596041017029&w=2http://marc.info/?l=bugtraq&m=145672440608228&w=2http://marc.info/?l=bugtraq&m=145690841819314&w=2http://marc.info/?l=bugtraq&m=145857691004892&w=2http://marc.info/?l=bugtraq&m=146161017210491&w=2http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.htmlhttp://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0175.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0176.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0225.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0277.htmlhttp://seclists.org/fulldisclosure/2019/Sep/7http://support.citrix.com/article/CTX206991http://ubuntu.com/usn/usn-2900-1http://www.debian.org/security/2016/dsa-3480http://www.debian.org/security/2016/dsa-3481http://www.fortiguard.com/advisory/glibc-getaddrinfo-stack-overflowhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160304-01-glibc-enhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/83265http://www.securitytracker.com/id/1035020http://www.vmware.com/security/advisories/VMSA-2016-0002.htmlhttps://access.redhat.com/articles/2161461https://blogs.sophos.com/2016/02/24/utm-up2date-9-355-released/https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/https://bto.bluecoat.com/security-advisory/sa114https://bugzilla.redhat.com/show_bug.cgi?id=1293532https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.htmlhttps://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05028479https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073516https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05098877https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://ics-cert.us-cert.gov/advisories/ICSA-16-103-01https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40161https://kc.mcafee.com/corporate/index?page=content&id=SB10150https://seclists.org/bugtraq/2019/Sep/7https://security.gentoo.org/glsa/201602-02https://security.netapp.com/advisory/ntap-20160217-0002/https://sourceware.org/bugzilla/show_bug.cgi?id=18665https://sourceware.org/ml/libc-alpha/2016-02/msg00416.htmlhttps://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.htmlhttps://support.lenovo.com/us/en/product_security/len_5450https://www.exploit-db.com/exploits/39454/https://www.exploit-db.com/exploits/40339/https://www.kb.cert.org/vuls/id/457759https://www.tenable.com/security/research/tra-2017-08https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28https://usn.ubuntu.com/2900-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/40339/https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01https://www.kb.cert.org/vuls/id/457759