

Vulnerability in GNU C Library allows remote code execution

4 Pages · 937 Words · 382 Views

Added on 2019-09-19

About This Document

A vulnerability in all versions of glibc since 2.9 allows remote attackers to execute arbitrary code through an altered DNS response. The client side of the glibc DNS resolver is prone to a stack-based buffer overflow. This article provides a technical description of the vulnerability, its attack vector, exploitation scenario, mitigation, and remediation.

Executive Summary

Google engineers published a blog post about a vulnerability found in all versions of glibc since 2.9. The post was published on February 16 2016. According to the blog post, the client side of the glibc DNS resolver is prone to a stack-based buffer overflow. Multiple buffer overflows in the send_dg and send_vc functions in the libresolv library in the GNU C Library allow remote attackers to cause a denial of service or even execute arbitrary code through an altered DNS response. The overflow is reached through a call to getaddrinfo() with address family AF_UNSPEC or AF_INET6, and it is related to performing “dual A/AAAA DNS queries” together with the NSS module. Any software using this function may be exploited with attacker-controlled domain names or through a man-in-the-middle attack.

Technical Description

Vulnerability Description

The GNU C Library is commonly used for standard system calls by programs written in C and C++. Six vulnerabilities in the GNU glibc library on Linux distributions were reported on February 16th 2016 that could allow a remote attacker to execute arbitrary code on a vulnerable system. These vulnerabilities are identified as CVE-2014-9761, CVE-2015-5229, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778 and CVE-2015-8779. An attacker with the ability to answer a DNS query originating from an affected product could craft the response in a way that would cause a software crash. Whether the software crash would be fatal to the overall functioning of the product is still under investigation. Google has internally demonstrated remote code execution based on this vulnerability. Attacks that achieve remote code execution would typically need to be highly customized to a specific application. The potential for remote code execution within affected products remains unknown [1].

Attack Vector

The DNS proxy on localhost will ask the attacker both questions over UDP, and the attacker responds with the TC flag set to force the client to retry over TCP. The attacker responds once with a TCP response of 2049 bytes or more, then forces the proxy to close the TCP connection to the glibc resolver code. This is a critical step with no reliable way to achieve it. The attacker sends back a full attack payload, which the proxy happily forwards to the glibc resolver client [2].

Exploitation Scenario
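The traffic pattern described under Attack Vector (a UDP answer with the TC flag set, followed by a TCP answer of 2049 bytes or more) can be checked for in captured resolver traffic. The following Python code is an added example, not part of the original document; the function names and sample messages are constructed for illustration, and it assumes the TCP retry reuses the UDP transaction ID.

```python
import struct

TRIGGER_SIZE = 2049  # TCP response size named in the Attack Vector text
QR, TC = 0x8000, 0x0200  # DNS header flag bits: response, truncated

def parse_header(msg):
    """Return (id, is_response, is_truncated), or None if shorter than a DNS header."""
    if len(msg) < 12:
        return None
    ident, flags = struct.unpack_from("!HH", msg)
    return ident, bool(flags & QR), bool(flags & TC)

def split_tcp_stream(stream):
    """Yield (declared_length, body) for each 2-byte length-prefixed DNS message."""
    off = 0
    while off + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, off)
        yield declared, stream[off + 2 : off + 2 + declared]  # body may be cut short
        off += 2 + declared

def inspect(udp_responses, tcp_stream):
    """Flag TC-bit UDP answers and TCP answers of TRIGGER_SIZE bytes or more."""
    findings, forced_retry = [], set()
    for msg in udp_responses:
        hdr = parse_header(msg)
        if hdr and hdr[1] and hdr[2]:
            forced_retry.add(hdr[0])  # assumption: the TCP retry reuses this ID
            findings.append(("udp-tc", hdr[0], len(msg)))
    for declared, body in split_tcp_stream(tcp_stream):
        hdr = parse_header(body)
        if hdr is None or not hdr[1] or declared < TRIGGER_SIZE:
            continue
        kind = "tcp-oversize-after-tc" if hdr[0] in forced_retry else "tcp-oversize"
        findings.append((kind, hdr[0], declared))
    return findings

def make_msg(ident, flags, size):
    """Constructed sample: a DNS header followed by zero padding, no real records."""
    return struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0) + bytes(size - 12)

def framed(msg):
    """Prefix a message with the 2-byte length used for DNS over TCP."""
    return struct.pack("!H", len(msg)) + msg

# Constructed capture: one truncated UDP answer, then the TCP retry on the same ID.
SAMPLE_UDP = [make_msg(0x1A2B, QR | TC, 40), make_msg(0x0001, QR, 60)]
SAMPLE_TCP = framed(make_msg(0x1A2B, QR, 2049)) + framed(make_msg(0x0001, QR, 100))

if __name__ == "__main__":
    for finding in inspect(SAMPLE_UDP, SAMPLE_TCP):
        print(finding)
```

Large DNS answers over TCP also occur legitimately, so a finding is a triage signal rather than proof of an attack.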
