FreeBSD : glibc -- getaddrinfo stack-based buffer overflow (2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28)

High | Nessus Plugin ID 88817

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Fabio Olive Leite reports:

A stack-based buffer overflow was found in libresolv when invoked from nss_dns, allowing specially crafted DNS responses to seize control of EIP in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family, or in some cases AF_INET6 family. The use of AF_UNSPEC (or AF_INET6 in some cases) triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by __res_nquery.
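
The following is an added example, not code from this advisory, from glibc or from the FreeBSD ports tree. It models the bug class the report describes: two parallel answers (A and AAAA) share buffer bookkeeping, and the length limit passed to the receive call for the second answer is taken from a size variable that describes a different buffer than the one actually written, so a large second response lands in the small stack buffer. The names (`fake_recv`, `query_ctx`, `run_scenario`), the 2048-byte stack buffer, the 65536-byte MAXPACKET cap and the answer lengths are assumptions constructed for the model; the buggy path is shown beside the hardened one, in which pointer and size are always updated and used as a pair. On FreeBSD the glibc in question is the one bundled in the linux_base compatibility packages listed under CPE below.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model (not glibc's send_dg/send_vc) of the bug class in the
 * description: the length limit handed to the receive of the SECOND answer
 * comes from a size variable describing a DIFFERENT buffer than the one
 * written. Buffer sizes below are assumptions chosen for the model. */
enum { STACK_ANSWER_CAP = 2048, MAXPACKET = 65536 };

/* Pretend socket with one datagram waiting; only its length matters here. */
struct fake_socket { size_t pending_len; };

/* Memory-safe stand-in for recvfrom(): honours cap_claimed exactly as the
 * real call would, but clamps the actual write at cap_real (the true size of
 * dst, which a real caller never passes) and reports whether the claimed
 * limit would have let a real recvfrom() run past dst. */
static size_t fake_recv(unsigned char *dst, size_t cap_claimed, size_t cap_real,
                        const struct fake_socket *s, bool *overrun)
{
    size_t n = s->pending_len < cap_claimed ? s->pending_len : cap_claimed;
    *overrun = n > cap_real;
    memset(dst, 0xAB, *overrun ? cap_real : n); /* pretend received bytes */
    return n;
}

/* Resolver-side state shared by the two parallel queries. */
struct query_ctx {
    unsigned char *ans;     /* buffer the first answer was received into */
    size_t anssiz;          /* capacity of ans */
    unsigned char *ans2;    /* buffer the second answer will be received into */
    size_t anssiz2;         /* capacity of ans2 (ignored by the buggy path) */
    size_t ans2_real_cap;   /* oracle used only by fake_recv() */
    unsigned char *heap;    /* large buffer allocated on demand, or NULL */
};

/* Buggy shape: growth check and receive limit both use anssiz, the size of
 * the FIRST answer's buffer. A large second answer makes the code allocate a
 * heap buffer and bump anssiz to MAXPACKET, yet the pointer handed to the
 * receive is still ans2, the 2048-byte stack buffer. */
static bool recv_second_answer_buggy(struct query_ctx *c, const struct fake_socket *s)
{
    bool overrun = false;
    if (c->anssiz < MAXPACKET && s->pending_len > c->anssiz) {
        c->heap = malloc(MAXPACKET);
        if (c->heap == NULL) return false;
        c->ans = c->heap;        /* first slot re-pointed and grown ... */
        c->anssiz = MAXPACKET;
        /* ... but ans2 still points at the stack buffer. */
    }
    fake_recv(c->ans2, c->anssiz, c->ans2_real_cap, s, &overrun); /* wrong limit */
    return overrun;
}

/* Hardened shape: the receive uses the size that describes the buffer it
 * writes to, and growing a buffer updates pointer and size together. */
static bool recv_second_answer_fixed(struct query_ctx *c, const struct fake_socket *s)
{
    bool overrun = false;
    unsigned char **thisansp = &c->ans2;
    size_t *thisanssizp = &c->anssiz2;
    if (*thisanssizp < MAXPACKET && s->pending_len > *thisanssizp) {
        c->heap = malloc(MAXPACKET);
        if (c->heap == NULL) return false;
        *thisansp = c->heap;
        *thisanssizp = MAXPACKET;
        c->ans2_real_cap = MAXPACKET;
    }
    fake_recv(*thisansp, *thisanssizp, c->ans2_real_cap, s, &overrun);
    return overrun;
}

/* One scenario: a small first answer that fits the stack buffer, then a
 * second answer of second_len bytes. Returns true if the chosen receive path
 * would have overrun the stack buffer. Answer lengths are constructed. */
static bool run_scenario(size_t second_len, bool use_fixed)
{
    unsigned char stack_answer[STACK_ANSWER_CAP]; /* stands in for the alloca'd buffer */
    struct query_ctx c = {
        .ans = stack_answer, .anssiz = sizeof stack_answer,
        .ans2 = stack_answer, .anssiz2 = sizeof stack_answer,
        .ans2_real_cap = sizeof stack_answer, .heap = NULL,
    };
    struct fake_socket first = { .pending_len = 600 };
    struct fake_socket second = { .pending_len = second_len };
    bool overrun = false;

    fake_recv(c.ans, c.anssiz, sizeof stack_answer, &first, &overrun); /* fits */
    overrun = use_fixed ? recv_second_answer_fixed(&c, &second)
                        : recv_second_answer_buggy(&c, &second);
    free(c.heap);
    return overrun;
}

int main(void)
{
    printf("buggy, 3000-byte second answer: overrun=%d\n", run_scenario(3000, false));
    printf("fixed, 3000-byte second answer: overrun=%d\n", run_scenario(3000, true));
    return 0;
}
```

The model keeps itself memory-safe by passing `fake_recv` the real capacity of the destination; the real `recvfrom()` has no such oracle, which is why a mismatched size variable turns directly into a stack write of attacker-chosen length. On a FreeBSD host the practical check for this entry is `pkg audit -F`, which compares installed packages against the VuXML database keyed by the identifier in this plugin's title.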

Solution

Update the affected packages. On FreeBSD the vulnerable glibc is the one bundled in the Linux compatibility packages listed under CPE below (linux_base-c6, linux_base-c6_64 and linux_base-f10); FreeBSD's own libc does not use the glibc resolver, so the exposure is through those packages.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207272

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7547

https://blog.des.no/2016/02/freebsd-and-cve-2015-7547/

http://www.nessus.org/u?94dd3376

https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

http://www.nessus.org/u?7a76ef5e

https://www.tenable.com/security/research/tra-2017-08

Plugin Details

Severity: High

ID: 88817

File Name: freebsd_pkg_2dd7e97ed5e811e5bcbdbc5ff45d0f28.nasl

Version: 2.14

Type: local

Published: 2/18/2016

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux_base-c6, p-cpe:/a:freebsd:freebsd:linux_base-c6_64, p-cpe:/a:freebsd:freebsd:linux_base-f10, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/18/2016

Vulnerability Publication Date: 2/16/2016

Reference Information

CVE: CVE-2015-7547

TRA: TRA-2017-08

IAVA: 2016-A-0053