Security researchers found a serious vulnerability in the GNU C Library (glibc) that can allow an attacker to hijack Linux software and then execute arbitrary code on the Linux platform to obtain passwords, monitor users and even take control of the computer (CVE-2015-7547).



glibc is the libc library released by GNU, that is, the C runtime library. It is the lowest-level API in a Linux system, and nearly all other runtime libraries depend on it. glibc is used in many Linux distributions, so this vulnerability has a wide impact.


Vulnerability Overview

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.
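Because the issue is only reachable through the nss_dns module, a first triage step is to check whether a host's `hosts` lookup chain lists the `dns` service at all. The following is an added example, not part of the original advisory; the function names are hypothetical, and it only reports whether `dns` is listed, not whether the installed glibc is patched.

```shell
#!/bin/sh
# Added example: does the "hosts" database in an nsswitch.conf-style file
# route lookups through nss_dns (service name "dns")?

# Print the services on the hosts: line, one per line, with comments and
# bracketed action items such as [NOTFOUND=return] removed.
hosts_services() {
    conf=$1
    sed -e 's/#.*//' "$conf" |
    awk '
        /^[ \t]*hosts[ \t]*:/ {
            line = $0
            sub(/^[ \t]*hosts[ \t]*:/, "", line)
            gsub(/\[[^]]*\]/, " ", line)      # drop [STATUS=action] items
            n = split(line, svc, /[ \t]+/)
            for (i = 1; i <= n; i++) if (svc[i] != "") print svc[i]
        }'
}

# Exit status 0 if nss_dns is listed in the chain, 1 otherwise.
# Whole-word match: mdns4_minimal or resolve must not count as "dns".
hosts_uses_nss_dns() {
    hosts_services "$1" | grep -qx 'dns'
}

# Constructed sample (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'passwd: files' \
    'hosts: files mdns4_minimal [NOTFOUND=return] dns' > "$sample"
if hosts_uses_nss_dns "$sample"; then
    echo "hosts lookups can reach nss_dns"
else
    echo "nss_dns is not in the hosts chain"
fi
rm -f "$sample"
```

On a live system the file to pass is `/etc/nsswitch.conf`; a naive `grep dns` on it would also match `mdns4_minimal`, which is a different module.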


Fixing Status

