Vulnerability of glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability 

An attacker who owns a malicious DNS server can reply with long data to a client application that uses the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application.
Vulnerable systems: ArubaOS, Blue Coat CAS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Cisco Prime DCNM, Secure ACS, Cisco CUCM, Cisco IP Phone, Cisco Wireless IP Phone, Cisco Wireless Controller, XenDesktop, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, ExtremeXOS, BIG-IP Hardware, TMOS, Fedora, QRadar SIEM, Trinzic, NSM Central Manager, NSMXpress, McAfee Email Gateway, McAfee MOVE AntiVirus, VirusScan, McAfee Web Gateway, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RealPresence Distributed Media Application, Polycom VBP, RHEL, ROX, RuggedSwitch, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware vSphere, VMware vSphere Hypervisor.
Severity of this threat: 4/4.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
References of this weakness: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, DSA-2019-197, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.

Description of the vulnerability 

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS queries (A and AAAA) are sent simultaneously. However, this special case, and a case with AF_INET6, are not handled correctly, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker who owns a malicious DNS server can therefore reply with large data to a client application that uses the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application.
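
The size condition described above can be watched for passively. The following is an added example, not part of the bulletin or of glibc: it measures DNS responses in captured payloads against the 2048-byte threshold from the description and the 512/1024-byte firewall limits from the workaround. The function names and the sample messages are constructed for illustration.

```python
import struct

# Sizes from the bulletin: overflow threshold, and the firewall workaround limits.
OVERFLOW_THRESHOLD = 2048
WORKAROUND_LIMIT = {"udp": 512, "tcp": 1024}

def fake_response(txid: int, size: int) -> bytes:
    """Constructed sample: 12-byte DNS header with QR=1, zero-padded to `size`."""
    return struct.pack("!HHHHHH", txid, 0x8180, 0, 0, 0, 0).ljust(size, b"\x00")

def frame(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def split_tcp(stream: bytes):
    """Yield (declared_length, body) for each framed message in a TCP stream."""
    off = 0
    while off + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, off)
        yield declared, stream[off + 2 : off + 2 + declared]
        off += 2 + declared

def verdict(transport: str, size: int) -> str:
    if size > OVERFLOW_THRESHOLD:
        return "oversized"
    if size > WORKAROUND_LIMIT[transport]:
        return "above-workaround-limit"
    return "ok"

def audit(transport: str, payload: bytes) -> list:
    """Return (txid, size, verdict) for every DNS response in the payload."""
    msgs = split_tcp(payload) if transport == "tcp" else [(len(payload), payload)]
    results = []
    for declared, body in msgs:
        # Header is 12 bytes; QR (response) is the top bit of the third byte.
        if len(body) >= 12 and body[2] & 0x80:
            txid = struct.unpack_from("!H", body)[0]
            results.append((txid, declared, verdict(transport, declared)))
    return results

if __name__ == "__main__":
    sizes = [(1, 900), (2, 1500), (3, 2100)]
    stream = b"".join(frame(fake_response(i, n)) for i, n in sizes)
    for row in audit("tcp", stream):
        print(row)
```

For TCP the declared length is reported rather than the bytes actually captured, so a message cut short by the capture is still judged by the size the client was told to expect.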

Our Vigil@nce team determined that the severity of this cybersecurity announcement is critical.

The trust level is "confirmed by the editor", and the origin of the attack is "internet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with specialist skills can exploit this vulnerability.

Solutions for this threat 

glibc: patch for getaddrinfo.
A patch is indicated in information sources.

glibc: workaround for getaddrinfo.
A workaround is to:
 - Limit TCP DNS packets to 1024 bytes at the firewall.
 - Limit UDP DNS packets to 512 bytes at the firewall.
 - Do not enable "options edns0" in /etc/resolv.conf (workaround not complete).
 - Do not enable RES_USE_EDNS0 or RES_USE_DNSSEC (workaround not complete).
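
The resolver-side part of this workaround can be checked on a host as follows. This is an added example, not code from the bulletin or from glibc: it looks for the edns0 option in resolv.conf-style text and in the RES_OPTIONS environment variable, which glibc also reads for resolver options. The function names and the sample configuration are constructed; RES_USE_EDNS0 and RES_USE_DNSSEC set directly by application code are not visible to this check.

```python
import os

# Option named in the bulletin's workaround (which the bulletin marks as not complete).
RISKY = {"edns0"}

# Constructed sample configuration.
SAMPLE_CONF = """\
# constructed example
nameserver 192.0.2.53
options timeout:2 edns0
; options rotate
"""

def options_in(text: str) -> set:
    """Collect the tokens of every `options` line in resolv.conf-style text."""
    found = set()
    for line in text.splitlines():
        # Comment lines start with '#' or ';'; the keyword must start the line.
        if line.startswith(("options ", "options\t")):
            found.update(line.split()[1:])
    return found

def audit_resolver(conf_text: str, environ=None) -> list:
    """Return (source, option) pairs for each risky option that is enabled."""
    environ = os.environ if environ is None else environ
    findings = [("resolv.conf", o) for o in sorted(options_in(conf_text) & RISKY)]
    env_opts = set(environ.get("RES_OPTIONS", "").split())
    findings += [("RES_OPTIONS", o) for o in sorted(env_opts & RISKY)]
    return findings

if __name__ == "__main__":
    for source, option in audit_resolver(SAMPLE_CONF):
        print(f"{source}: '{option}' is enabled")
```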

ArubaOS: fixed versions for getaddrinfo.
Fixed versions are indicated in information sources.

Blue Coat Content Analysis System: version 1.3.6.1.
The version 1.3.6.1 is fixed.

Brocade: solution for multiple vulnerabilities (04/04/2016).
The following versions fix several vulnerabilities (but not CVE-2016-0705):
  Brocade Network Advisor: install version 12.4.2 or 14.0.1.
  Brocade vTM: install version 9.9r1 or 10.3r1.
The detailed solution is indicated in information sources.

Brocade Virtual Traffic Manager: versions 9.9r1 and 10.3r1.
Versions 9.9r1 and 10.3r1 are fixed:
  http://www.brocade.com/

Cisco: solution for getaddrinfo.
The solution is indicated in information sources.

Citrix NetScaler, XenDesktop: solution for getaddrinfo.
The solution is indicated in information sources.

Dell EMC VNXe: version MR4 Service Pack 5.
The version MR4 Service Pack 5 is fixed:
  https://www.dell.com/support/

EMC PowerPath: solution for getaddrinfo.
The solution is indicated in information sources.

EMC Unisphere Central: solution for getaddrinfo.
The solution is indicated in information sources.

EMC VNXe: solution for getaddrinfo.
The solution is indicated in information sources.

EMC VNX Monitoring and Reporting: solution for getaddrinfo.
The solution is indicated in information sources.

Extreme Networks: solution for getaddrinfo.
The solution is indicated in information sources.

F5 BIG-IP: solution for getaddrinfo.
The solution is indicated in information sources.

Fedora 22: new glibc packages.
New packages are available:
  Fedora 22: glibc 2.21-11.fc22

Fedora 23: new glibc packages.
New packages are available:
  Fedora 23: glibc 2.22-9.fc23

IBM QRadar SIEM: patch for getaddrinfo.
A patch is indicated in information sources.

Infoblox NIOS: versions 6.12.16, 7.1.10, 7.2.6 and 7.3.2.
Versions 6.12.16, 7.1.10, 7.2.6 and 7.3.2 are fixed.

Juniper NSM Appliance: patch for Upgrade Package v3.
A patch is available:
  http://www.juniper.net/support/downloads/?p=nsm#sw

McAfee: solution for getaddrinfo.
The solution is indicated in information sources.

openSUSE 11.4/13.1: new glibc packages.
New packages are available:
  openSUSE 11.4: glibc 2.11.3-69.2
  openSUSE 13.1: glibc 2.18-4.41.1

openSUSE 13.2/42.1: new glibc packages.
New packages are available:
  openSUSE 13.2: glibc 2.19-16.22.2
  openSUSE Leap 42.1: glibc 2.19-19.1

PAN-OS: versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.8 and 7.1.4.
Versions 5.0.20, 5.1.13, 6.0.15, 6.1.13, 7.0.8 and 7.1.4 are fixed.

Polycom Distributed Media Application: version 6.3.2.
The version 6.3.2 is fixed:
  http://support.polycom.com/

Polycom VBP 7301: version 14.2.5.
The version 14.2.5 is fixed:
  http://support.polycom.com/

RHEL 6.7: new glibc packages.
New packages are available:
  RHEL 6: glibc 2.12-1.166.el6_7.7

RHEL 6 AUS, 7 EUS: new glibc packages.
New packages are available:
  RHEL 6: glibc 2.12-1.47.el6_2.17, glibc 2.12-1.107.el6_4.9, glibc 2.12-1.132.el6_5.7, glibc 2.12-1.149.el6_6.11
  RHEL 7: glibc 2.17-79.el7_1.4

RHEL 7.2: new glibc packages.
New packages are available:
  RHEL 7: glibc 2.17-106.el7_2.4

Siemens ROX: version 2.9.1.
The version 2.9.1 is fixed:
  https://www.siemens.com/automation/support-request

Slackware: new glibc packages.
New packages are available:
  Slackware 14.1: glibc 2.17-*-11_slack14.1

SUSE LE 11 SP2: new glibc packages.
New packages are available:
  SUSE LE 11 SP2: glibc 2.11.3-17.45.66.1

SUSE LE: new glibc packages.
New packages are available:
  SUSE LE 11 SP3: glibc 2.11.3-17.95.2
  SUSE LE 11 SP4: glibc 2.11.3-17.95.2
  SUSE LE 12 RTM: glibc 2.19-22.13.1
  SUSE LE 12 SP1: glibc 2.19-35.1

Synology DS, RS: version 5.2-5644 Update 5.
The version 5.2-5644 Update 5 is fixed:
  https://www.synology.com/

Ubuntu: new libc6 packages.
New packages are available:
  Ubuntu 15.10: libc6 2.21-0ubuntu4.1
  Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7
  Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13

VMware ESXi: patch for getaddrinfo.
A patch is available:
  ESXi 5.5: ESXi550-201602401-SG

Wind River Linux: solution for getaddrinfo.
The solution is indicated in information sources.