
[Vulnerability notice] CVE-2015-7547: Stack-based buffer overflow vulnerability in getaddrinfo() in glibc

Last Updated: May 07, 2018

Description

The Google security team reported a buffer overflow vulnerability in the getaddrinfo() function in glibc. The resolver in getaddrinfo() uses a 2,048-byte stack buffer; when a DNS server response exceeds 2,048 bytes, glibc's handling of the subsequent response overflows that stack buffer.

An attacker can exploit this vulnerability through a malicious domain name, a malicious DNS server, or a man-in-the-middle attack on DNS traffic, and may gain control of the affected software or even the entire system.

Affected versions

Debian and Red Hat Linux operating systems with glibc versions later than 2.9

Fix

  • If you use the default DNS servers of Alibaba Cloud ECS images, you are not affected by this vulnerability. We recommend that you do not use third-party DNS servers.

  • Update glibc by running the following commands.

    • For Ubuntu/Debian Linux:

      1. sudo apt-get update
      2. sudo apt-get install libc6
    • For CentOS/Red Hat Linux:

      1. sudo yum -y update glibc

      Restart the system after the updates.

  • Follow the official instructions to install the patch.
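A post-update check for this notice, as an added example that is not part of the original advisory or of any Alibaba Cloud tooling: it classifies an upstream glibc version against the affected range and, on a host, looks for a backported fix in the installed package's changelog. It assumes that upstream glibc 2.9 through 2.22 are affected and 2.23 is fixed, that `ldd --version` reports the version in its first line, and that the Debian changelog path shown is where the libc6 changelog lives.

```shell
#!/bin/sh
# Added example, not from the original notice: decide whether a host still needs the
# CVE-2015-7547 glibc update. Assumptions: upstream glibc 2.9 up to (not including)
# 2.23 is affected; distributions backport the fix without changing the upstream
# version, so the installed package's changelog is consulted when present.

# glibc_upstream_affected VERSION -> 0 if VERSION (e.g. "2.17") is in the affected range,
# 1 if outside it, 2 if VERSION cannot be parsed.
glibc_upstream_affected() {
    major=${1%%.*}
    rest=${1#*.}
    minor=$(printf '%s' "$rest" | sed 's/[^0-9].*//')   # "23-0ubuntu11" -> "23"
    case $minor in '' | *[!0-9]*) return 2 ;; esac
    [ "$major" = 2 ] && [ "$minor" -ge 9 ] && [ "$minor" -lt 23 ]
}

# The version is the last field of the first line of `ldd --version`, e.g. "ldd (GNU libc) 2.17".
glibc_version_from_ldd() {
    ldd --version 2>/dev/null | head -n 1 | awk '{print $NF}'
}

# 0 if the installed package's changelog records the CVE-2015-7547 fix (a backport).
# The Debian changelog path below is an assumption; adjust it for your distribution.
glibc_changelog_mentions_fix() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null | grep -q 'CVE-2015-7547'
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz | grep -q 'CVE-2015-7547'
    else
        return 1
    fi
}

# check_host_glibc -> 0 not vulnerable, 1 update needed, 2 could not determine.
check_host_glibc() {
    v=$(glibc_version_from_ldd)
    [ -n "$v" ] || { echo "cannot run ldd; glibc version unknown"; return 2; }
    st=0; glibc_upstream_affected "$v" || st=$?
    [ "$st" -ne 2 ] || { echo "glibc version '$v' not understood"; return 2; }
    [ "$st" -eq 0 ] || { echo "glibc $v: outside the affected range (2.9 <= v < 2.23)"; return 0; }
    if glibc_changelog_mentions_fix; then
        echo "glibc $v: affected range, but the changelog records the backported fix"; return 0
    fi
    echo "glibc $v: affected range and no backported fix recorded; update glibc and reboot"
    return 1
}

if [ "${1-}" = "--check" ]; then check_host_glibc; fi
```

Run it as `sh check_glibc.sh --check` after the update and reboot; an exit status of 1 means the host still needs attention.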
