Information supplied by Robert Hawk and the xMatters Security Office.
On Friday, February 19, 2016, the National Vulnerability Database (NVD) published an entry for multiple stack-based buffer overflows in the send_dg and send_vc functions of the libresolv resolver code in the GNU C Library (glibc) before version 2.23. The vulnerability is tracked as CVE-2015-7547 in the NVD, which is maintained by the National Institute of Standards and Technology (NIST).
The xMatters cloud-based service operations have low exposure to CVE-2015-7547. Until the fix is deployed, Operations will monitor for system anomalies and respond to any that are detected.
The xMatters Operations team analyzed its exposure to CVE-2015-7547 and determined that, while xMatters runs the affected code, the system's configuration mitigates the vulnerability. The affected code performs DNS name resolution for A/AAAA records. The flaw allows a remote attacker to cause a denial of service (crash), or possibly execute arbitrary code, via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family; it is related to the 'dual A/AAAA DNS queries' performed through the libnss_dns.so.2 NSS module. Because the overflow occurs in the client-side resolver, any process that calls getaddrinfo is affected, and the attacker must be able to deliver the crafted response: from an authoritative server they control for a name the client looks up, through a compromised or spoofed recursive resolver, or from a man-in-the-middle position on the DNS path.

The xMatters network architecture places Next Generation (NG) Deep Packet Inspection (DPI) firewalls in front of all internal assets, including DNS servers, and its trusted DNS servers sit in a different network segment from the processing and storage assets. A trusted recursive resolver still forwards the responses it receives from upstream authoritative servers, so this segmentation limits rather than eliminates the exposure, which is why the fix is still being deployed. xMatters will deploy the code fix in compliance with the Patch Management Policy and Procedures. The minimal exposure to CVE-2015-7547 will be monitored and handled by Operations in the interim.
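The interim network-level mitigation published alongside CVE-2015-7547 by Google and Red Hat is to drop UDP DNS responses larger than 512 bytes and TCP DNS responses larger than 1024 bytes, since the crafted responses that reach the vulnerable stack buffer are oversized. The following is an added example, written for this article and not part of the xMatters architecture or the original advisory, that shows how such a filter classifies a DNS response: it parses the header and question section, reports whether the response is for an A or AAAA lookup (the getaddrinfo path the vulnerability targets), and decides whether the size limit for the transport would drop it. The size limits are taken from the public advisories; the DNS messages are constructed inline for the example, not captured traffic. This filter is a stop-gap and does not replace updating glibc to a fixed build.

```python
import struct

# Interim mitigation limits from the public CVE-2015-7547 advisories (Google / Red Hat).
# Assumption of this example: the filter sits on the DNS path and sees whole messages.
MAX_UDP_RESPONSE = 512
MAX_TCP_RESPONSE = 1024

QTYPE_A = 1      # IPv4 address record
QTYPE_AAAA = 28  # IPv6 address record


def parse_question(payload):
    """Decode the DNS header and first question.

    Returns (qname, qtype, is_response, ancount). Raises ValueError on a
    message that is too short or whose question uses name compression,
    which a well-formed question section never does."""
    if len(payload) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", payload[:12])
    is_response = bool(flags & 0x8000)  # QR bit set means this is a response
    if qdcount < 1:
        raise ValueError("no question section")
    labels = []
    offset = 12
    while True:
        if offset >= len(payload):
            raise ValueError("truncated question name")
        length = payload[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0:
            raise ValueError("compressed name in question section")
        labels.append(payload[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    if offset + 4 > len(payload):
        raise ValueError("truncated question type/class")
    qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return ".".join(labels), qtype, is_response, ancount


def evaluate_response(payload, transport):
    """Apply the interim size limit to one DNS message.

    transport is "udp" or "tcp". The decision is size-based for every response;
    the getaddrinfo_path flag shows whether the answer feeds the dual A/AAAA
    lookup that the vulnerability exploits."""
    limit = MAX_TCP_RESPONSE if transport == "tcp" else MAX_UDP_RESPONSE
    qname, qtype, is_response, ancount = parse_question(payload)
    return {
        "qname": qname,
        "qtype": qtype,
        "response": is_response,
        "answers": ancount,
        "length": len(payload),
        "limit": limit,
        "getaddrinfo_path": qtype in (QTYPE_A, QTYPE_AAAA),
        "drop": is_response and len(payload) > limit,
    }


def build_response(qname, qtype, answer_count):
    """Construct a sample DNS response (test data for this example, not captured traffic).

    Each answer uses a compression pointer (0xC00C) back to the question name, a
    60-second TTL, and an all-zero IPv6 address or a 10.0.0.x IPv4 address."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, answer_count, 0, 0)
    question = b"".join(bytes([len(label)]) + label.encode("ascii") for label in qname.split("."))
    question += b"\x00" + struct.pack("!HH", qtype, 1)
    answers = b""
    for i in range(answer_count):
        rdata = bytes(16) if qtype == QTYPE_AAAA else bytes([10, 0, 0, i % 256])
        answers += struct.pack("!HHHIH", 0xC00C, qtype, 1, 60, len(rdata)) + rdata
    return header + question + answers


if __name__ == "__main__":
    samples = [
        ("benign A response over UDP", build_response("example.com", QTYPE_A, 2), "udp"),
        ("oversized AAAA response over UDP", build_response("example.com", QTYPE_AAAA, 20), "udp"),
        ("same AAAA response over TCP", build_response("example.com", QTYPE_AAAA, 20), "tcp"),
        ("oversized AAAA response over TCP", build_response("example.com", QTYPE_AAAA, 40), "tcp"),
    ]
    for label, message, transport in samples:
        verdict = evaluate_response(message, transport)
        print(f"{label}: {verdict['length']} bytes, limit {verdict['limit']}, drop={verdict['drop']}")
```

The 20-answer AAAA response is 589 bytes, so it is dropped over UDP (limit 512) but passes over TCP (limit 1024); the 40-answer variant at 1149 bytes is dropped on both. A real deployment would apply the rule on the firewall or resolver rather than in Python, but the decision logic is the same.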
The information in this article is proprietary and confidential to xMatters and xMatters customers. Do not distribute or print.