Security Advisory CVE-2015-7547 (DNS Multiple Stack-Based Buffer Overflows)

Marked as obsolete (ref: https://xmatters.atlassian.net/browse/DOC-10377)

Note: This vulnerability was investigated as documented in https://xmatters.atlassian.net/browse/COREL-2592 which has been marked as "Closed" and "Fixed".

Information supplied by Robert Hawk and the xMatters Security Office.

On Friday, February 19, 2016, the National Vulnerability Database (NVD) announced multiple stack-based buffer overflows in the send_dg and send_vc functions in the libresolv library of the GNU C library. This vulnerability was assigned the identifier CVE-2015-7547 by the NVD at the National Institute of Standards and Technology.

The xMatters cloud-based service operations have low exposure to the CVE-2015-7547 vulnerability. Monitoring will be used until a patch is deployed to detect system anomalies and respond accordingly.

The xMatters Operations team analyzed exposure to CVE-2015-7547 and determined that while xMatters uses the affected code, the system's configuration mitigates the vulnerability. The affected code is used for DNS name resolution for A/AAAA records. Exposure allows remote attackers to cause a denial of service (crash), or possibly execute code via a crafted DNS response that triggers a call to the ‘getaddrinfo’ function with the AF_UNSPEC or AF_INET6 address family, related to performing ‘dual A/AAAA DNS queries’ and the libnss_dns.so.2 NSS module. xMatters network architecture has Next Generation (NG) Deep Packet Inspection (DPI) firewalls before all internal assets, including DNS servers, as well as trusted DNS servers in a different network segment as processing and storage assets. xMatters will deploy the code fix in compliance to the Patch Management Policy and Procedures. The minimal exposure to the CVE-2015-7547 vulnerability will be monitored and dealt with by Operations.
 

Resources:




The information in this article is proprietary and confidential to xMatters and xMatters customers. Do not distribute or print.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk