Linux Vulnerability points to buggy DNS resolver in glibc

A vulnerability in the GNU C Library (glibc), that’s part of most Linux distributions, has been patched following joint research by Google and Red Hat.

The issue involves a buffer overflow triggered by a malicious DNS server that returned too much information to lookup requests. Particularly, a malicious DNS server could deliver UDP and TCP responses packets exceeding 2,048 bytes, flooding the target’s memory with code.

“Our initial investigations showed that the issue affected all the versions of glibc since 2.9,” reads the Google blog post. “You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”

An attack vector exploiting this vulnerability could involve a series of spearphishing attacks disseminating malicious URLs that point victims to the hostile DNS server. Of course, security experts agree that other attack scenarios, such as man-in-the-middle attacks or attacker-controlled domain names, could leverage this vulnerability.

“The vectors to trigger this buffer overflow are very common and can include ssh, sudo, and curl,” reads the Google Advisory. “We are confident that the exploitation vectors are diverse and widespread; we have not attempted to enumerate these vectors further.”

Those interested in the full technical details can go through the CVE-2015-7547 published in 2015. Everyone is encouraged to install the latest patch that addresses the issue  to avoid any security incidents related to this vulnerability.

Leave a Reply