Cisco Nexus 3000 / 9000 Series GNU C Library (glibc) getaddrinfo() RCE (cisco-sa-20160218-glibc)
Medium Nessus Plugin ID 93480
The remote device is missing a vendor-supplied security patch.
The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability in the bundled version of the GNU C Library (glibc) due to a stack-based buffer overflow condition in the DNS resolver. An unauthenticated, remote attacker can exploit this, via a crafted DNS response that triggers a call to the getaddrinfo() function, to cause a denial of service condition or the execution of arbitrary code.
Upgrade to the relevant fixed version or install the relevant SMU patches referenced in Cisco bug ID CSCuy36553 / CSCuy38921.