
"glibc" Library Vulnerability

VUIT Security Notice: Vulnerability found in “glibc” library, patch immediately

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use the “glibc” library.

A critical vulnerability (CVE-2015-7547) has been identified in the way the libresolv library performs dual A/AAAA DNS queries. The “glibc” client-side DNS resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Any software that calls this function can be exploited through attacker-controlled domain names, attacker-controlled DNS servers, or a man-in-the-middle attack.

The vulnerability has been rated critical because it can be exploited remotely and can potentially allow the attacker to take control of the affected machine. In turn, this grants the attacker access to other systems within the network.

Below is a list of affected versions:

  • All systems utilizing glibc 2.9 and later (Techs administering a network-attached device should verify with their vendors to see if their versions could be affected.)
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.7 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 6.7 x86_64
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 7.1 Extended Update Support
  • Debian squeeze
  • Debian wheezy
  • Debian jessie

It is imperative that users patch accordingly as soon as possible by visiting the following site: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html.
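One way to check whether a host falls in the affected range above and whether its vendor package already carries the fix, as an added example that is not part of the VUIT notice: the script below takes the glibc version from `ldd --version` and, on rpm-based systems, looks for the CVE id in `rpm -q --changelog glibc` (distro backports keep the old version number, so the version alone cannot clear a host). The changelog text used in the block is a constructed sample, and the 2.23 upper bound is the upstream release that shipped the fix, which the notice itself does not state.

```shell
#!/bin/sh
# Added example, not part of the VUIT notice. Classifies a host's glibc by
# (a) the version range the notice calls affected (2.9 and later) and
# (b) whether the vendor changelog records the CVE-2015-7547 fix, which is
# how backported fixes (e.g. RHEL 6/7) appear without a version bump.
# Assumption: `rpm -q --changelog glibc` lists fixed CVE ids.

# Constructed sample of the changelog text a patched rpm might carry.
SAMPLE_CHANGELOG='* Tue Feb 16 2016 Example Maintainer <maint@example.com> - 2.17-EXAMPLE
- Fix stack-based buffer overflow in getaddrinfo (CVE-2015-7547)'

# glibc_in_affected_range VERSION -> true if VERSION is 2.9 or later and
# below 2.23 (first upstream release carrying the fix; not in the notice).
glibc_in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -eq 2 ] && [ "$minor" -ge 9 ] && [ "$minor" -lt 23 ]
}

# changelog_mentions_fix TEXT -> true if the CVE id appears in TEXT
changelog_mentions_fix() {
    printf '%s\n' "$1" | grep -q 'CVE-2015-7547'
}

# glibc_status VERSION CHANGELOG -> unknown | not-affected | patched | PATCH-NOW
glibc_status() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if ! glibc_in_affected_range "$1"; then
        echo not-affected
    elif changelog_mentions_fix "$2"; then
        echo patched
    else
        echo PATCH-NOW
    fi
}

# Live check of the local host; the functions above hold all the logic.
main() {
    ver=$(ldd --version 2>/dev/null | head -n1 | sed 's/.* //')
    log=""
    if command -v rpm >/dev/null 2>&1; then
        log=$(rpm -q --changelog glibc 2>/dev/null)
    fi
    # dpkg systems: feed /usr/share/doc/libc6/changelog.Debian.gz instead.
    echo "glibc ${ver:-?}: $(glibc_status "$ver" "$log")"
}
main
```

A result of PATCH-NOW means the host is in the affected range with no recorded fix; "patched" relies on the changelog evidence, so keep the vendor advisory (RHSA-2016:0175 above) as the authoritative source.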

If you suspect that your system was targeted as a result of this vulnerability, contact VUIT Incident Response at VUIT.Incident.Response@vanderbilt.edu.

VUIT will continue to monitor this vulnerability closely. The team has instituted detection capability for this vulnerability on authenticated systems.

For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.

Sources and References:
https://access.redhat.com/security/cve/cve-2015-7547
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
https://access.redhat.com/errata/RHSA-2016:0175