How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.

 A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
This vulnerability could allow a remote user to execute code as a privileged user and hence has been highlighted as Critical by Red Hat Product Security. All versions of the glibc package saw effect by this flaw.
This is a serious vulnerability. So I highly recommend to patch the servers. You can find out whether your server is vulnerable or not by running the following command
rpm -q –changelog glibc | grep CVE-2015-7547
If the output of this command shows the following result then the server is already patched.
– Update fix for CVE-2015-7547 (#1296028).
– Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).
If there is no output available for the command that i mention above, then you need to patch the server using the following steps
Step 1 : You need to update the glibc package on the server.
 For CentOS server, you can do this by running the command:  yum -y upgrade glibc
 For Unbuntu server, you can do this by running the command: apt-get install –only-upgrade libc6 -y
 Step 2 : Reboot the server.
 For re-confirmation you can try to execute following command again
rpm -q –changelog glibc | grep CVE-2015-7547
If the above mentioned output shows, then its patched! Now you can relax and set back.

Stay Secure!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.