CVSS3: 8.1 High

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.975 High (percentile 100.0%)
Google's security research team recently disclosed a glibc getaddrinfo overflow vulnerability.
Details of the vulnerability and the discovery process can be found in the [Google blog](https://googleonlinesecurity.blogspot.ca/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html?m=1). (As an aside, Google's engineers are the real deal.)
The root cause is that when a DNS server returns a response larger than 2048 bytes, the next response triggers a stack overflow.
The vulnerability relies on an oversized (2048-byte) UDP or TCP response, followed by another response that overwrites the stack.
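The two-response pattern described above is something a defender can look for in captured resolver traffic. The following is an added example written for this page; it is not code from the original article or from the linked PoC. It parses the fixed DNS header, flags any response over the 2048-byte figure the article gives, and reports positions where such a response is immediately followed by another response with the same query ID. The sample messages are constructed inline (an ordinary 45-byte A-record answer and a 2109-byte answer with 130 A records) and are not captured data.

```python
"""
Added example, not code from the original article or the linked PoC: a checker
that parses DNS message headers and flags the pattern the article describes
(a response larger than 2048 bytes followed by another response with the same
query ID). The sample messages are constructed inline; the 2048-byte threshold
is the figure the article gives.
"""
import socket
import struct

OVERSIZED_THRESHOLD = 2048  # reply-buffer size named in the article


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": ident,
        "is_response": bool(flags & 0x8000),  # QR bit
        "truncated": bool(flags & 0x0200),    # TC bit
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify_response(msg: bytes, transport: str) -> dict:
    """Verdict for one message: is it a response, and is it over the threshold?"""
    hdr = parse_header(msg)
    size = len(msg)
    return {
        "id": hdr["id"],
        "transport": transport,
        "size": size,
        "is_response": hdr["is_response"],
        "ancount": hdr["ancount"],
        "oversized": hdr["is_response"] and size > OVERSIZED_THRESHOLD,
    }


def find_suspicious_sequences(messages: list) -> list:
    """messages: list of (transport, bytes) in arrival order.

    Returns the indexes i at which message i is an oversized response and
    message i+1 is another response carrying the same query ID, i.e. the
    two-response pattern the article describes.
    """
    hits = []
    for i in range(len(messages) - 1):
        first = classify_response(messages[i][1], messages[i][0])
        second = parse_header(messages[i + 1][1])
        if first["oversized"] and second["is_response"] and second["id"] == first["id"]:
            hits.append(i)
    return hits


# --- constructed sample traffic (not captured data) ------------------------

def _encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels plus a root byte."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"


def build_a_response(ident: int, name: str, ips: list) -> bytes:
    """Build a well-formed DNS response with one question and one A record per IP.
    Each answer uses a compression pointer (0xC00C) back to the question name."""
    header = struct.pack("!HHHHHH", ident, 0x8180, 1, len(ips), 0, 0)  # QR, RD, RA set
    question = _encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
        for ip in ips
    )
    return header + question + answers


# A normal 45-byte answer, and a 2109-byte answer that crosses the threshold.
SAMPLE_SMALL = build_a_response(0x1234, "example.com", ["93.184.216.34"])
SAMPLE_BIG = build_a_response(0x1234, "example.com",
                              ["10.0.0.%d" % (i + 1) for i in range(130)])

if __name__ == "__main__":
    for label, msg in (("small", SAMPLE_SMALL), ("big", SAMPLE_BIG)):
        print(label, classify_response(msg, "udp"))
    print("suspicious at indexes:",
          find_suspicious_sequences([("udp", SAMPLE_BIG), ("udp", SAMPLE_SMALL)]))
```

The size check alone is deliberately a weak signal, since large but legitimate answers exist; the sequence check is what matches the article's description, and in practice it would be keyed on the same client socket as well as the same query ID.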
All Debian-family and Red Hat-series Linux distributions are affected as long as the glibc version is greater than 2.9.
Google has currently provided a POC; according to the Google blog, the vulnerability should be able to bypass memory protection techniques, resulting in a code execution vulnerability.
POC address: github.com/fjserna/CVE-2015-7547
On my own local Lubuntu test machine, the libc version is 2.19. The Lubuntu series also belongs to the Debian release family, so in theory it meets the vulnerability criteria.
The test procedure is as follows:
According to the vulnerability description, we can set up a fake DNS server as an intermediary to verify the vulnerability.
If the system is vulnerable, this causes a Segmentation Fault.
![](/Article/UploadPic/2016-2/20162189318230.png)
Since glibc 2.9 was released in 2008, a large number of Linux systems are affected by this vulnerability. If the memory protection techniques are bypassed, the vulnerability could become a very serious one.
A hijacked DNS server used for MiTM attacks could directly obtain permissions on a large number of hosts in bulk.
1. Apply the patch; refer to the official announcement.
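Before patching, the first question on any host is whether its glibc falls inside the range the article names. The following is an added example written for this page, not code from the original article: it extracts major.minor from the strings you typically have to hand (`ldd --version` output, a package version, or `platform.libc_ver()`) and compares them as integer tuples against the lower bound the article gives. Two assumptions are labelled in the code: the article states only the lower bound, so a version inside the range is reported as "confirm against the distribution's advisory" rather than as vulnerable (vendors backport fixes without changing major.minor), and the verdict wording is this example's own.

```python
"""
Added example, not code from the original article: a check of an installed
glibc version against the affected range the article gives (glibc greater than
2.9). Assumption, labelled as such: the article states only that lower bound,
so a version inside the range is reported as "needs confirmation against the
distribution's advisory", since vendors backport the fix without changing the
major.minor number. The verdict strings are this example's own wording.
"""
import platform
import re

AFFECTED_ABOVE = (2, 9)  # the article: affected when glibc is greater than 2.9


def parse_glibc_version(text: str) -> tuple:
    """Pull (major, minor) out of '2.19', 'glibc 2.23-0ubuntu3', or the first
    line of `ldd --version` such as 'ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31'."""
    match = re.search(r"\b(\d+)\.(\d+)\b", text)
    if not match:
        raise ValueError("no major.minor version found in %r" % text)
    return (int(match.group(1)), int(match.group(2)))


def in_affected_range(version: tuple) -> bool:
    """Compare as integer tuples; as strings '2.19' < '2.9', which is wrong."""
    return version > AFFECTED_ABOVE


def assess(version_text: str) -> dict:
    """Verdict for one version string."""
    version = parse_glibc_version(version_text)
    affected = in_affected_range(version)
    if affected:
        verdict = ("glibc %d.%d is above 2.9, inside the range the article names; "
                   "confirm patch status with the distribution's advisory" % version)
    else:
        verdict = "glibc %d.%d is not above 2.9, outside the range the article names" % version
    return {"version": "%d.%d" % version, "in_affected_range": affected, "verdict": verdict}


def assess_running_system() -> dict:
    """Use the interpreter's view of the C library. platform.libc_ver() returns
    ('', '') when it cannot tell; that is reported rather than guessed."""
    lib, ver = platform.libc_ver()
    if lib != "glibc" or not ver:
        return {"version": None, "in_affected_range": None,
                "verdict": "C library is not glibc or its version is unknown"}
    return assess(ver)


if __name__ == "__main__":
    print(assess("2.19"))  # the version on the article's Lubuntu test machine
    print(assess_running_system())
```

A version inside the range is a prompt to check the distribution's package changelog or security advisory for the CVE-2015-7547 fix, since a patched build keeps the same major.minor number.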