Major Bug in glibc Could Result in System Compromise

Buffer Overflow could lead to DNS attack

Google's Security team has reported a problem with the popular glibc library found in most Linux systems that could result in a serious security breach. The problem affects glibc version 2.9 and later. Specifically, the glibc client-side DNS resolver is vulnerable to a buffer overflow attack that could cause the system to access an attacker-controlled website or DNS server.

The post on the Google security blog reports that the glibc team was first alerted to the bug in July 2015 and that Red Hat has also been working on a fix for this problem. The best remedy is to update your systems and install the patch for CVE-2015-7547 as soon as possible.

If you are not immediately able to patch glibc, Google recommends you “… limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as ensure that DNS queries are sent only to DNS servers that limit the response size for UDP responses with the truncation bit set.”
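As an added illustration (not code from the article, Google, or the glibc project), the following sketch shows what a size-limiting forwarder does with a UDP response: small replies pass through unchanged, and oversized ones are replaced by a header-and-question-only reply with the truncation (TC) bit set. The 512-byte limit, the function names, and the sample message are assumptions made for this example.

```python
import struct

MAX_UDP_RESPONSE = 512   # assumed limit (classic RFC 1035 UDP size), not from the article
TC_FLAG = 0x0200         # truncation (TC) bit in the DNS header flags word

def question_end(msg: bytes) -> int:
    """Offset just past the question section; ValueError if malformed."""
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    off = 12
    for _ in range(qdcount):
        while True:
            if off >= len(msg):
                raise ValueError("question name runs past end of message")
            length = msg[off]
            off += 1
            if length == 0:
                break
            if length & 0xC0:
                raise ValueError("unexpected pointer/label type in question")
            off += length
        off += 4  # QTYPE + QCLASS
    if off > len(msg):
        raise ValueError("question section runs past end of message")
    return off

def limit_udp_response(msg: bytes, limit: int = MAX_UDP_RESPONSE) -> bytes:
    """Pass small responses through; replace oversized ones with a
    header+question-only reply that has TC set, so the client retries over TCP."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    if len(msg) <= limit:
        return msg
    end = question_end(msg)
    ident, flags, qdcount = struct.unpack_from("!HHH", msg, 0)
    header = struct.pack("!HHHHHH", ident, flags | TC_FLAG, qdcount, 0, 0, 0)
    return header + msg[12:end]

def sample_response(filler: int) -> bytes:
    """Constructed test message: one question plus `filler` bytes of padding."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    return header + question + b"\x00" * filler

if __name__ == "__main__":
    for size in (100, 3000):
        out = limit_udp_response(sample_response(size))
        print(size + 30, "->", len(out), "bytes, TC =", bool(out[2] & 0x02))
```

This only models the UDP size limit named in the quoted advice; patching glibc remains the fix.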

02/17/2016
