CVE-2016-3706

CVE-2016-3706 is a glibc (GNU C Library) vulnerability: a stack-based buffer overflow in sysdeps/posix/getaddrinfo.c:getaddrinfo can be triggered by hostent conversion and allows remote attackers to cause a denial of service (crash). The entry notes this issue stems from an incomplete fix for CVE...

UBUNTU-CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...

Debian DLA-494-1 : eglibc security update

Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc : CVE-2016-1234 Alexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow when it was called with the GLOBALTDIRFUNC flag and encountered a long file name...

Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing large stack-based buffer overflow with controlled length and content CVE-2016-1234. A stack...

glibc: multiple issues

CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...

lib32-glibc: multiple issues

CVE-2016-1234 arbitrary code execution It was found that glob implementation in glibc does not correctly handle overlong names in struct dirent buffers when GLOBALTDIRFUNC is used, causing a large stack-based buffer overflow with controlled length and content. - CVE-2016-3706 denial of service A...

BGQ_REDBOOKS (Doc Number=4680): Blue Gene/Q Security Bulletin notification

Abstract BGQREDBOOKS Doc Number=4680: Blue Gene/Q Security Bulletin notification Blue Gene Knowledge Base document 773911444 : Security Bulletin: GNU C library glibc vulnerability affects CVE-2015-7547 A GNU C library glibc stack-based buffer overflow in getaddrinfo vulnerability affects Blue...

Fedora 22 : glibc-2.21-11.fc22 (2016-0480defc94)

This updates addresses a critical security vulnerability in the DNS resolver related to AFUNSPEC queries with getaddrinfo CVE-2015-7547. It also includes security fixes for CVE-2015-8777 and CVE-2015-1781. It improves malloc scalability for applications which start and terminate many threads. The...

openSUSE: Security Advisory for glibc (openSUSE-SU-2016:0512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Glibc getaddrinfo() stack-overflow

...

ESXi 5.5 < Build 3568722 / 6.0 < Build 3568940 glibc DNS Resolver RCE (VMSA-2016-0002) (remote check)

The remote VMware ESXi host is 5.5 prior to build 3568722 or 6.0 prior to build 3568940. It is, therefore, affected by a stack-based buffer overflow condition in the GNU C Library glibc DNS client-side resolver due to improper validation of user-supplied input when looking up names via the...

glibc: getaddrinfo stack-based buffer overflow

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note...

Security update for glibc (critical)

This update for glibc fixes the following security issues: fix stack overflow in the glibc libresolv DNS resolver function getaddrinfo, known as CVE-2015-7547. It is a client side networked/remote vulnerability...

glibc CVE-2 0 1 5-7 5 4 7 vulnerability fixes-bug warning-the black bar safety net

Google's security research team disclosed a glibc getaddrinfo-overflow vulnerability, the popular Linux Enterprise system, a server system is almost always affected. As long as the glibc version is greater than 2.9 will be the overflow vulnerability. An attacker may by the vulnerability directly ...

CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

Stack overflow

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

CVE-2015-7547

Multiple stack-based buffer overflows in the 1 senddg and 2 sendvc functions in the libresolv library in the GNU C Library aka glibc or libc6 before 2.23 allow remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted DNS response that triggers a call to...

SUSE SLES11 Security Update : glibc (SUSE-SU-2016:0470-1)

This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD environment...