[arch-security] [ASA-201504-25] glibc: arbitrary code execution

Remi Gacogne rgacogne at archlinux.org
Thu Apr 23 07:59:44 UTC 2015


Arch Linux Security Advisory ASA-201504-25
==========================================

Severity: High
Date    : 2015-04-23
CVE-ID  : CVE-2015-1781
Package : glibc
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package glibc before version 2.21-3 is vulnerable to a buffer
overflow resulting in arbitrary code execution.

Resolution
==========

Upgrade to 2.21-3.

# pacman -Syu "glibc>=2.21-3"

The problem has been fixed upstream but a new version has yet to be
released.

Workaround
==========

None.

Description
===========

A buffer overflow in gethostbyname_r() and related functions performing
DNS requests has been fixed. If the NSS functions were called with a
misaligned buffer, the buffer length change due to pointer alignment was
not taken into account. This could result in application crashes or
potentially arbitrary code execution using crafted but syntactically
valid DNS responses.

Impact
======

A remote attacker can crash or execute arbitrary code by crafting
malicious DNS responses to the requests made by an application. To be
vulnerable, the application must be passing a misaligned buffer to
gethostbyname_r() or related functions.

References
==========

https://access.redhat.com/security/cve/CVE-2015-1781
http://www.openwall.com/lists/oss-security/2015/04/21/4
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150423/a71d885a/attachment.asc>


More information about the arch-security mailing list