Arista Networks EOS libresolv Overflow RCE (SA0017)

Medium Nessus Plugin ID 107059

Synopsis

The version of Arista Networks EOS running on the remote device is affected by a remote code execution vulnerability.

Description

The version of Arista Networks EOS running on the remote device is affected by multiple stack-based buffer overflow conditions in the GNU libresolv library, specifically within the send_dg() and send_vc() functions, when handling DNS responses that trigger a call to the getaddrinfo() function with the AF_UNSPEC or AF_INET6 address family.
An unauthenticated, remote attacker can exploit these issues, via a specially crafted DNS response, to cause a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to Arista Networks EOS version 4.13.15M / 4.14.12M / 4.15.5M or later. Alternatively, apply the patch or recommended mitigation referenced in the vendor advisory.

See Also

http://www.nessus.org/u?050a280a

Plugin Details

Severity: Medium

ID: 107059

File Name: arista_eos_sa0017.nasl

Version: 1.2

Type: combined

Family: Misc.

Published: 2018/02/28

Modified: 2018/02/28

Dependencies: 107070

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:arista:eos

Required KB Items: Host/Arista-EOS/Version, Host/Arista-EOS/eos_shell

Patch Publication Date: 2016/04/08

Vulnerability Publication Date: 2015/07/14

Reference Information

CVE: CVE-2015-7547

BID: 83265

CERT: 457759

EDB-ID: 39454, 40339