CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

It has been a torrid few months for BIND, with a string of vulnerabilities and fixes published. This demonstrates the need for a robust patching schedule, and it may make sense to reserve slots in your change control process so that systems such as DNS servers can be kept up to date with the latest security fixes.

However, it is not just BIND that suffers from these issues. Sometimes the bug is in the underlying operating system or in a component library, and one was recently found in glibc, the C library whose stub resolver (the getaddrinfo() routine) most Linux systems use to look up host names. glibc also ships on a number of Linux-based embedded devices, including some home broadband routers, which are rarely patched.

The vulnerability has received the identifier CVE-2015-7547. It is a stack-based buffer overflow in getaddrinfo(): the resolver reads DNS responses into a 2048-byte stack buffer, and an attacker who can deliver a response larger than that (a malicious or compromised DNS server, or anyone able to spoof or intercept responses on the path) can overflow it. Every program that resolves names through glibc is exposed, so the only complete fix is to patch glibc: versions 2.9 through 2.22 are affected, 2.23 carries the upstream fix, and distributions have backported it to their own packages. Capping DNS response sizes at a local caching resolver reduces exposure in the meantime but is not a complete mitigation. After patching, restart long-running services (or reboot), since a process that still has the old library mapped remains vulnerable. An interesting post from Cloudflare goes into some detail about the vulnerability.
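As an added example, not part of the original post and not Infoblox or glibc code, the following Python script checks whether the glibc a host is running falls in the range published as affected for CVE-2015-7547, and then looks in the distribution package changelog for the CVE identifier, because distributions backport the fix without changing the version string, so the version alone cannot confirm exposure. The affected range (2.9 up to but not including 2.23) is the published one; the changelog commands and file paths are assumptions for RPM- and Debian-based systems.

```python
"""Assess a host's glibc against the CVE-2015-7547 affected range.

Added example for this post, not Infoblox or glibc code. Assumptions are
marked in comments: the affected range is the published one for the CVE;
the changelog commands and paths are the usual RPM/Debian locations.
"""
import ctypes
import re
import subprocess

# glibc 2.9 introduced the bug, 2.23 fixed it upstream (published range).
FIRST_AFFECTED = (2, 9)
FIRST_FIXED = (2, 23)
CVE_ID = "CVE-2015-7547"


def parse_glibc_version(text):
    """Return (major, minor) from strings such as '2.17', '2.19-18ubuntu3'
    or 'ldd (GNU libc) 2.23'. Raises ValueError if no version is present."""
    m = re.search(r"\b(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no glibc version in %r" % text)
    return int(m.group(1)), int(m.group(2))


def is_affected_glibc_version(text):
    """True if the upstream version lies in the affected range.

    True means 'check further', not 'confirmed vulnerable': distributions
    backport the fix into packages that still report e.g. 2.17."""
    v = parse_glibc_version(text)
    return FIRST_AFFECTED <= v < FIRST_FIXED


def running_glibc_version():
    """Ask the loaded C library for its version via gnu_get_libc_version().
    Returns None on systems that do not use glibc (musl, BSD, Windows)."""
    try:
        libc = ctypes.CDLL("libc.so.6")
        fn = libc.gnu_get_libc_version
        fn.restype = ctypes.c_char_p
        return fn().decode()
    except (OSError, AttributeError):
        return None


def package_changelog_mentions_fix():
    """Search the package changelog for the CVE identifier.

    Assumed locations: 'rpm -q --changelog glibc' on RPM systems and
    /usr/share/doc/libc6/changelog.Debian.gz on Debian/Ubuntu.
    Returns True/False, or None when neither command is available."""
    commands = [
        ["rpm", "-q", "--changelog", "glibc"],                 # RPM-based
        ["zcat", "/usr/share/doc/libc6/changelog.Debian.gz"],  # Debian/Ubuntu
    ]
    for cmd in commands:
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=False)
        except OSError:
            continue  # command not installed on this host
        if out.returncode == 0:
            return CVE_ID in out.stdout
    return None


def assess(version_text, changelog_mentions_fix=None):
    """Combine the version range and changelog evidence into one verdict."""
    if version_text is None:
        return "not glibc: not affected by %s" % CVE_ID
    if not is_affected_glibc_version(version_text):
        return "glibc %s outside affected range" % version_text
    if changelog_mentions_fix:
        return ("glibc %s in affected range but package changelog records a %s fix"
                % (version_text, CVE_ID))
    return ("glibc %s in affected range with no evidence of a %s fix: "
            "patch and restart long-running services" % (version_text, CVE_ID))


if __name__ == "__main__":
    print(assess(running_glibc_version(), package_changelog_mentions_fix()))
```

Run it on each host. An "in affected range" verdict with no changelog evidence means the package needs updating, and after the update every long-running process that still has the old library mapped (or the whole box) must be restarted, because the copy of glibc already in memory keeps the bug alive after the file on disk has been replaced.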

Infoblox has released new versions of NIOS to address this vulnerability: 6.12.16, 7.1.10, 7.2.6 and 7.3.2. We suggest you upgrade, especially if you have not done so for a few months, as several other vulnerabilities are fixed in the same releases.

About Paul Roberts

Paul has spent his entire career within the IT industry and since 1997 has been deploying DNS, DHCP and IPAM solutions globally. Paul is a regular guest speaker at exhibitions and seminars.
