FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Fabio Olive Leite reports :

A stack-based buffer overflow was found in libresolv when invoked from
nss_dns, allowing specially crafted DNS responses to seize control of
EIP in the DNS client. The buffer overflow occurs in the functions
send_dg (send datagram) and send_vc (send TCP) for the NSS module
libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in
some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some
cases) triggers the low-level resolver code to send out two parallel
queries for A and AAAA. A mismanagement of the buffers used for those
queries could result in the response of a query writing beyond the
alloca allocated buffer created by __res_nquery.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207272
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547
https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/
http://www.nessus.org/u?2fe3cabc
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
http://www.nessus.org/u?cede2325
https://www.tenable.com/security/research/tra-2017-08

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 88817

Bugtraq ID:

CVE ID: CVE-2015-7547
