Linux Vulnerability points to buggy DNS resolver in glibc

A vulnerability in the GNU C Library (glibc), which is part of most Linux distributions, has been patched following joint research by Google and Red Hat.

The issue involves a buffer overflow triggered by a malicious DNS server that returns too much information in response to lookup requests. Specifically, a malicious DNS server could deliver UDP and TCP response packets exceeding 2,048 bytes, flooding the target’s memory with code.

“Our initial investigations showed that the issue affected all the versions of glibc since 2.9,” reads the Google blog post. “You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”

An attack vector exploiting this vulnerability could involve a series of spearphishing attacks disseminating malicious URLs that point victims to the hostile DNS server. Of course, security experts agree that other attack scenarios, such as man-in-the-middle attacks or attacker-controlled domain names, could leverage this vulnerability.

“The vectors to trigger this buffer overflow are very common and can include ssh, sudo, and curl,” reads the Google Advisory. “We are confident that the exploitation vectors are diverse and widespread; we have not attempted to enumerate these vectors further.”

Those interested in the full technical details can consult CVE-2015-7547, published in 2015. Everyone is encouraged to install the latest patch that addresses the issue to avoid any security incidents related to this vulnerability.
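A host triage sketch for the update advice above, added here as an example and not taken from the article or from Google's or Red Hat's material. It flags a glibc in the "2.9 and later" range quoted above and lists processes that still map a libc file replaced on disk; the function names are hypothetical, and since distributions backport fixes, being in range only means the package needs checking.

```shell
#!/bin/sh
# Added example (not from the article): triage a host for the glibc issue.

# Return 0 if a glibc version such as "2.19" is 2.9 or later, the range the
# quoted Google post names; 1 if older; 2 if the string cannot be parsed.
# Fields are compared numerically, so 2.10 correctly sorts after 2.9.
glibc_in_affected_range() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 9 ]
}

# Return 0 if /proc/<pid>/maps text (file argument, or stdin) shows a libc
# mapping whose file was replaced on disk, i.e. the process predates the update.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' "${1:--}" 2>/dev/null
}

# Report on the local host using the two checks above.
scan_host() {
    ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    if glibc_in_affected_range "$ver"; then
        echo "glibc $ver is 2.9 or later: confirm the vendor's fixed package is installed"
    fi
    for maps in /proc/[0-9]*/maps; do
        if maps_has_stale_libc "$maps"; then
            pid=${maps#/proc/}
            echo "pid ${pid%/maps} still maps the replaced libc: restart it"
        fi
    done
}

# Run the scan only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--scan" ]; then scan_host; fi
```

Run it as root with `--scan` so every process's maps file is readable.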

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.
