Arista Networks EOS libresolv Overflow RCE (SA0017)

high Nessus Plugin ID 107059

Synopsis

The version of Arista Networks EOS running on the remote device is affected by a remote code execution vulnerability.

Description

The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the send_dg() and send_vc() functions, when handling DNS responses that trigger a call to the getaddrinfo() function with the AF_UNSPEC or AF_INET6 address family.
An unauthenticated, remote attacker can exploit these issues, via a specially crafted DNS response, to cause a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to Arista Networks EOS version 4.13.15M / 4.14.12M / 4.15.5M or later. Alternatively, apply the patch or recommended mitigation referenced in the vendor advisory.

See Also

http://www.nessus.org/u?050a280a

Plugin Details

Severity: High

ID: 107059

File Name: arista_eos_sa0017.nasl

Version: 1.8

Type: combined

Family: Misc.

Published: 2/28/2018

Updated: 3/13/2020

Risk Information

VPR

Risk Factor: Critical

Score: 9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2015-7547

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:arista:eos

Required KB Items: Host/Arista-EOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/8/2016

Vulnerability Publication Date: 7/14/2015

Reference Information

CVE: CVE-2015-7547

BID: 83265

CERT: 457759

EDB-ID: 39454, 40339