‘Skeleton’ Buffer Overflow Vulnerability
Various products may be affected by this vulnerability, given the common vulnerability and exposures designation of CVE-2015_7547.
Multiple vulnerabilities in the ‘libresolv’ library of the ‘GNU C Library’ (aka ‘glibc’), could allow a remote attacker to remotely execute code. This typically affects systems based on Linux derived platforms, or platforms operating a ‘Linux compatability’ mode, which in turn resolve DNS queries using ‘glibc’.
We are bringing this vulnerability to the attention of our customers in light of recent press releases. Note that Netnorth resolvers limit the UDP packet length to mitigate this issue, but customers who may have deployed affected software / hardware AND who choose to resolve DNS themselves or externally, will need to ensure that relevant patches are applied to avoid exposure.
For more information see:
- http://www.theregister.co.uk/2016/02/20/glibc_kaminsky_cve_2015_7547/
- http://dankaminsky.com/2016/02/20/skeleton/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7547/
Or search for
‘ CVE-2015_7547 ‘
If you have any further questions, please email support@netnorth.co.uk
Regards
Netnorth Support