ID

VAR-201509-0438


CVE

CVE-2015-1781


TITLE

Buffer overflow vulnerability in gethostbyname_r and other unspecified NSS functions in the GNU C Library

Trust: 0.8

sources: JVNDB: JVNDB-2015-004995

DESCRIPTION

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.

GNU glibc is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users.

The updated packages provide a solution for these security issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1781
https://rhn.redhat.com/errata/RHSA-2015-0863.html
_______________________________________________________________________

Updated Packages: Mandriva Business Server 1/X86_64, Mandriva Business Server 2/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

7.1) - ppc64, ppc64le, s390x, x86_64

3. It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents).

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: glibc security, bug fix, and enhancement update
Advisory ID: RHSA-2015:2199-07
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2199.html
Issue date: 2015-11-19
CVE Names: CVE-2013-7423 CVE-2015-1472 CVE-2015-1473 CVE-2015-1781
=====================================================================

1. Summary:

Updated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423)

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. (CVE-2015-1781)

A heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. (CVE-2015-1472, CVE-2015-1473)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. (BZ#1195762)

A flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application. (BZ#1197730)

The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.

These updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal:

https://access.redhat.com/articles/2050743

All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1064066 - Test suite failure: test-ldouble
1098042 - getaddrinfo return EAI_NONAME instead of EAI_AGAIN in case the DNS query times out
1144133 - calloc in dl-reloc.c computes size incorrectly
1187109 - CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
1188235 - CVE-2015-1472 glibc: heap buffer overflow in glibc swscanf
1195762 - glibc: _IO_wstr_overflow integer overflow
1197730 - glibc: potential denial of service in internal_fnmatch()
1199525 - CVE-2015-1781 glibc: buffer overflow in gethostbyname_r() and related functions with misaligned buffer
1207032 - glibc deadlock when printing backtrace from memory allocator
1209105 - CVE-2015-1473 glibc: Stack-overflow in glibc swscanf
1219891 - Missing define for TCP_USER_TIMEOUT in netinet/tcp.h
1225490 - [RFE] Unconditionally enable SDT probes in glibc builds.

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: glibc-2.17-105.el7.src.rpm

aarch64: glibc-2.17-105.el7.aarch64.rpm glibc-common-2.17-105.el7.aarch64.rpm glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-devel-2.17-105.el7.aarch64.rpm glibc-headers-2.17-105.el7.aarch64.rpm glibc-utils-2.17-105.el7.aarch64.rpm nscd-2.17-105.el7.aarch64.rpm

ppc64: glibc-2.17-105.el7.ppc.rpm glibc-2.17-105.el7.ppc64.rpm glibc-common-2.17-105.el7.ppc64.rpm glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-devel-2.17-105.el7.ppc.rpm glibc-devel-2.17-105.el7.ppc64.rpm glibc-headers-2.17-105.el7.ppc64.rpm glibc-utils-2.17-105.el7.ppc64.rpm nscd-2.17-105.el7.ppc64.rpm

ppc64le: glibc-2.17-105.el7.ppc64le.rpm glibc-common-2.17-105.el7.ppc64le.rpm glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-devel-2.17-105.el7.ppc64le.rpm glibc-headers-2.17-105.el7.ppc64le.rpm glibc-utils-2.17-105.el7.ppc64le.rpm nscd-2.17-105.el7.ppc64le.rpm

s390x: glibc-2.17-105.el7.s390.rpm glibc-2.17-105.el7.s390x.rpm glibc-common-2.17-105.el7.s390x.rpm glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-devel-2.17-105.el7.s390.rpm glibc-devel-2.17-105.el7.s390x.rpm glibc-headers-2.17-105.el7.s390x.rpm glibc-utils-2.17-105.el7.s390x.rpm nscd-2.17-105.el7.s390x.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: glibc-debuginfo-2.17-105.el7.aarch64.rpm glibc-static-2.17-105.el7.aarch64.rpm

ppc64: glibc-debuginfo-2.17-105.el7.ppc.rpm glibc-debuginfo-2.17-105.el7.ppc64.rpm glibc-debuginfo-common-2.17-105.el7.ppc.rpm glibc-debuginfo-common-2.17-105.el7.ppc64.rpm glibc-static-2.17-105.el7.ppc.rpm glibc-static-2.17-105.el7.ppc64.rpm

ppc64le: glibc-debuginfo-2.17-105.el7.ppc64le.rpm glibc-debuginfo-common-2.17-105.el7.ppc64le.rpm glibc-static-2.17-105.el7.ppc64le.rpm

s390x: glibc-debuginfo-2.17-105.el7.s390.rpm glibc-debuginfo-2.17-105.el7.s390x.rpm glibc-debuginfo-common-2.17-105.el7.s390.rpm glibc-debuginfo-common-2.17-105.el7.s390x.rpm glibc-static-2.17-105.el7.s390.rpm glibc-static-2.17-105.el7.s390x.rpm

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: glibc-2.17-105.el7.src.rpm

x86_64: glibc-2.17-105.el7.i686.rpm glibc-2.17-105.el7.x86_64.rpm glibc-common-2.17-105.el7.x86_64.rpm glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-devel-2.17-105.el7.i686.rpm glibc-devel-2.17-105.el7.x86_64.rpm glibc-headers-2.17-105.el7.x86_64.rpm glibc-utils-2.17-105.el7.x86_64.rpm nscd-2.17-105.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: glibc-debuginfo-2.17-105.el7.i686.rpm glibc-debuginfo-2.17-105.el7.x86_64.rpm glibc-debuginfo-common-2.17-105.el7.i686.rpm glibc-debuginfo-common-2.17-105.el7.x86_64.rpm glibc-static-2.17-105.el7.i686.rpm glibc-static-2.17-105.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2013-7423
https://access.redhat.com/security/cve/CVE-2015-1472
https://access.redhat.com/security/cve/CVE-2015-1473
https://access.redhat.com/security/cve/CVE-2015-1781
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/articles/2050743

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

==========================================================================
Ubuntu Security Notice USN-2985-2
May 26, 2016

eglibc, glibc regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

USN-2985-1 introduced a regression in the GNU C Library.

Software Description:
- glibc: GNU C Library
- eglibc: GNU C Library

Details:

USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.

We apologize for the inconvenience.

Original advisory details:

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. (CVE-2013-2207, CVE-2016-2856)

Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)

Joseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). (CVE-2014-9761)

Arjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. (CVE-2015-1781)

Sumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. (CVE-2015-5277)

Adam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. (CVE-2015-8776)

Hector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. (CVE-2015-8777)

Szabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. (CVE-2015-8778)

Maksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. (CVE-2015-8779)

Florian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. (CVE-2016-3075)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
  libc-bin 2.21-0ubuntu4.3
  libc6 2.21-0ubuntu4.3
  libc6-dev 2.21-0ubuntu4.3

Ubuntu 14.04 LTS:
  libc-bin 2.19-0ubuntu6.9
  libc6 2.19-0ubuntu6.9
  libc6-dev 2.19-0ubuntu6.9

Ubuntu 12.04 LTS:
  libc-bin 2.15-0ubuntu10.15
  libc6 2.15-0ubuntu10.15
  libc6-dev 2.15-0ubuntu10.15

After a standard system update you need to reboot your computer to make all the necessary changes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201602-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: GNU C Library: Multiple vulnerabilities
Date: February 17, 2016
Bugs: #516884, #517082, #521932, #529982, #532874, #538090, #538814, #540070, #541246, #541542, #547296, #552692, #574880
ID: 201602-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code.

* The strftime() function accesses invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776).
* Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779).

Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before.

Workaround
==========

A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.

Resolution
==========

All GNU C Library users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.21-r2"

It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package.

Note: Should you run into compilation failures while updating, please see bug 574948.

References
==========

[ 1 ] CVE-2013-7423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7423
[ 2 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 3 ] CVE-2014-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0475
[ 4 ] CVE-2014-5119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119
[ 5 ] CVE-2014-6040 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040
[ 6 ] CVE-2014-7817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7817
[ 7 ] CVE-2014-8121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8121
[ 8 ] CVE-2014-9402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9402
[ 9 ] CVE-2015-1472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1472
[ 10 ] CVE-2015-1781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1781
[ 11 ] CVE-2015-7547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7547
[ 12 ] CVE-2015-8776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8776
[ 13 ] CVE-2015-8778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8778
[ 14 ] CVE-2015-8779 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8779
[ 15 ] Google Online Security Blog: "CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow" https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201602-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.52

sources: NVD: CVE-2015-1781 // JVNDB: JVNDB-2015-004995 // BID: 74255 // VULMON: CVE-2015-1781 // PACKETSTORM: 137200 // PACKETSTORM: 131697 // PACKETSTORM: 134717 // PACKETSTORM: 134444 // PACKETSTORM: 137208 // PACKETSTORM: 135810

AFFECTED PRODUCTS

vendor: suse | model: linux enterprise debuginfo | scope: eq | version: 11

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 12.04

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 15.04

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: suse | model: linux enterprise server | scope: eq | version: 11

Trust: 1.0

vendor: suse | model: linux enterprise desktop | scope: eq | version: 11

Trust: 1.0

vendor: gnu | model: glibc | scope: lte | version: 2.21

Trust: 1.0

vendor: gnu | model: c library | scope: lt | version: 2.22

Trust: 0.8

vendor: novell | model: suse linux enterprise debuginfo | scope: eq | version: 11-sp3

Trust: 0.8

vendor: novell | model: suse linux enterprise debuginfo | scope: eq | version: 11-sp4

Trust: 0.8

vendor: novell | model: suse linux enterprise desktop | scope: eq | version: 11-sp3

Trust: 0.8

vendor: novell | model: suse linux enterprise desktop | scope: eq | version: 11-sp4

Trust: 0.8

vendor: novell | model: suse linux enterprise server | scope: eq | version: 11-sp3

Trust: 0.8

vendor: novell | model: suse linux enterprise server | scope: eq | version: 11-sp4

Trust: 0.8

vendor: novell | model: suse linux enterprise server | scope: eq | version: for vmware 11-sp3

Trust: 0.8

vendor: novell | model: suse linux enterprise software development kit | scope: eq | version: 11-sp3

Trust: 0.8

vendor: novell | model: suse linux enterprise software development kit | scope: eq | version: 11-sp4

Trust: 0.8

vendor: suse | model: linux enterprise desktop | scope: eq | version: 11.0

Trust: 0.6

vendor: suse | model: linux enterprise debuginfo | scope: eq | version: 11.0

Trust: 0.6

vendor: suse | model: linux enterprise server | scope: eq | version: 11.0

Trust: 0.6

vendor: ibm | model: security network intrusion prevention system gv200 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-05 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.2.0.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108-v2 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008-v2 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208-v2 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: power hmc | scope: eq | version: 8.3.0.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4002 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004 | scope: eq | version: 4.4

Trust: 0.3

vendor: debian | model: linux arm | scope: eq | version: 6.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv1000 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: debian | model: linux ia-64 | scope: eq | version: 6.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108 | scope: eq | version: 4.5

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 6.2

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 2.3.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx3002 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: redhat | model: enterprise linux server | scope: eq | version: 6

Trust: 0.3

vendor: ibm | model: powerkvm | scope: eq | version: 2.1

Trust: 0.3

vendor: ibm | model: ds8700 | scope: eq | version: 76.31.143.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208-v2 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-10 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv200 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: eq | version: 6.0.1.11

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108-v2 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008-v2 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-05 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: proventia network enterprise scanner | scope: eq | version: 2.3

Trust: 0.3

vendor: ibm | model: security virtual server protection for vmware | scope: eq | version: 1.1

Trust: 0.3

vendor: ibm | model: power hmc | scope: eq | version: 8.1.0.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008-v2 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.2.0.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7800 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fp | scope: eq | version: 3.1.0.4

Trust: 0.3

vendor: redhat | model: enterprise linux workstation | scope: eq | version: 6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-10 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx6116 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: powerkvm | scope: eq | version: 3.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv1000 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: power hmc sp1 | scope: ne | version: 8.8.2.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-10 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx3002 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fp | scope: eq | version: 2.4.0.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: ds8700 | scope: eq | version: 87.51.14.x

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-05 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: ne | version: 7.1.0.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: power hmc sp2 | scope: ne | version: 8.8.1.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004-v2 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: ib6131 gb infiniband switch | scope: eq | version: 83.4

Trust: 0.3

vendor: ibm | model: ds8800 | scope: eq | version: 86.31.167.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008-v2 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: tssc | scope: ne | version: 7.5

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: ne | version: 7.0.0.9

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fix pack | scope: eq | version: 3.11

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.1.0.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7800 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4002 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx6116 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: flex system en6131 40gb ethernet switch | scope: eq | version: 3.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-10 | scope: eq | version: 4.4

Trust: 0.3

vendor: debian | model: linux sparc | scope: eq | version: 6.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv200 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004-v2 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108-v2 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5008 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208-v2 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.1.0.1

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: ne | version: 7.2.0.1

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.2.0.2

Trust: 0.3

vendor: ibm | model: power hmc | scope: eq | version: 8.2.0.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv200 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4002 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108-v2 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.1.0.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4002 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: flex system en6131 40gb ethernet switch | scope: ne | version: 3.5.1000

Trust: 0.3

vendor: ibm | model: datapower gateways | scope: ne | version: 6.0.0.16

Trust: 0.3

vendor: redhat | model: enterprise linux server eus 6.6.z | scope: - | version: -

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx6116 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fix pack | scope: eq | version: 3.21

Trust: 0.3

vendor: centos | model: centos | scope: eq | version: 6

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208-v2 | scope: eq | version: 4.4

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 6

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.2.0.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4004 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: security virtual server protection for vmware | scope: eq | version: 1.1.0.1

Trust: 0.3

vendor: oracle | model: enterprise linux | scope: eq | version: 7

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gv1000 | scope: eq | version: 4.6

Trust: 0.3

vendor: ibm | model: tssc | scope: eq | version: 7.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx3002 | scope: eq | version: 4.6

Trust: 0.3

vendor: gentoo | model: linux | scope: - | version: -

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-05 | scope: eq | version: 4.3

Trust: 0.3

vendor: redhat | model: enterprise linux hpc node | scope: eq | version: 6

Trust: 0.3

vendor: debian | model: linux amd64 | scope: eq | version: 6.0

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-05 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx4002 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412 | scope: eq | version: 4.4

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx6116 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208 | scope: eq | version: 4.3

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fix pack | scope: eq | version: 2.44

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5108 | scope: eq | version: 4.6.2

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx7412-10 | scope: eq | version: 4.6.1

Trust: 0.3

vendor: ibm | model: security network intrusion prevention system gx5208 | scope: eq | version: 4.5

Trust: 0.3

vendor: ibm | model: smartcloud entry appliance fp | scope: eq | version: 2.3.0.3

Trust: 0.3

vendor: ibm | model: smartcloud entry | scope: eq | version: 3.1.0.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:power hmcscope:neversion:8.8.3.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.4.0

Trust: 0.3

vendor:ibmmodel:ds8800scope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:flex system en6131 40gb ethernet switchscope:eqversion:3.4

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:6.0.0.15

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.1.0.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.5

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-05scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.2.0.0

Trust: 0.3

vendor:ibmmodel:ib6131 gb infiniband switchscope:neversion:83.5.1000

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.2.0.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008-v2scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412-10scope:eqversion:4.6.2

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:eqversion:7.0.0.8

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv1000scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:flex system chassis management module 2petscope: - version: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx3002scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5208-v2scope:eqversion:4.6.1

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5008scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:3.2.0.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gv200scope:eqversion:4.4

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:flex system chassis management module 2pet14c-2.5.5cscope:neversion: -

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx5108-v2scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:ds8700scope:eqversion:87.41.17.x

Trust: 0.3

vendor:ibmmodel:smartcloud entryscope:eqversion:3.1.0.4

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7412scope:eqversion:4.6.1

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx7800scope:eqversion:4.4

Trust: 0.3

vendor:ibmmodel:ib6131 gb infiniband switchscope:eqversion:83.2

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx6116scope:eqversion:4.3

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004scope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4004-v2scope:eqversion:4.6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:security virtual server protection for vmwarescope:eqversion:1.1.1

Trust: 0.3

vendor:ibmmodel:datapower gatewaysscope:neversion:6.0.1.12

Trust: 0.3

vendor:ibmmodel:security network intrusion prevention system gx4002scope:eqversion:4.6

Trust: 0.3

vendor:ibmmodel:smartcloud entry appliance fpscope:eqversion:2.2.0.3

Trust: 0.3

vendor:gnumodel:glibcscope:eqversion:0

Trust: 0.3

sources: BID: 74255 // JVNDB: JVNDB-2015-004995 // CNNVD: CNNVD-201505-071 // NVD: CVE-2015-1781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1781
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1781
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-071
value: MEDIUM

Trust: 0.6

VULMON: CVE-2015-1781
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1781
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2015-1781 // JVNDB: JVNDB-2015-004995 // CNNVD: CNNVD-201505-071 // NVD: CVE-2015-1781

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2015-004995 // NVD: CVE-2015-1781

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 135810 // CNNVD: CNNVD-201505-071

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201505-071

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004995

PATCH

title: SUSE-SU-2015:1424
url: http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html

Trust: 0.8

title: RHSA-2015:0863
url: https://rhn.redhat.com/errata/RHSA-2015-0863.html

Trust: 0.8

title: Bug 18287
url: https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Trust: 0.8

title: The GNU C Library version 2.22 is now available
url: https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html

Trust: 0.8

title: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow [BZ#18287]
url: https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

Trust: 0.8

title: GNU C Library Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=232528

Trust: 0.6

title: Red Hat: Moderate: glibc security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152199 - Security Advisory

Trust: 0.1

title: Red Hat: Important: glibc security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152589 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2015-1781
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a2c29453eb55cceece213eaabd30c31b

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2013-2207: Remove pt_chown
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=24f036a1c9b3e11b009511a5ff0119fc

Trust: 0.1

title: Debian CVElist Bug Report Logs: glibc: multiple overflows in strxfrm()
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=9c45e614f65364c9f36d20f68260e303

Trust: 0.1

title: Debian CVElist Bug Report Logs: glibc: Three vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=c894c06b98aa71f44dddf17ba757bd22

Trust: 0.1

title: Red Hat: CVE-2015-1781
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-1781

Trust: 0.1

title: Debian CVElist Bug Report Logs: libc6: Pointer guarding bypass in dynamic Setuid binaries
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=fd388404d431df3846c2735a9f93c550

Trust: 0.1

title: Amazon Linux AMI: ALAS-2015-513
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-513

Trust: 0.1

title: Ubuntu Security Notice: eglibc, glibc regression
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2985-2

Trust: 0.1

title: Ubuntu Security Notice: eglibc, glibc vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2985-1

Trust: 0.1

title: Amazon Linux AMI: ALAS-2015-617
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2015-617

Trust: 0.1

title: Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015
url: https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=435ed9abc2fb1e74ce2a69605a01e326

Trust: 0.1

sources: VULMON: CVE-2015-1781 // JVNDB: JVNDB-2015-004995 // CNNVD: CNNVD-201505-071

EXTERNAL IDS

db: NVD, id: CVE-2015-1781

Trust: 3.4

db: BID, id: 74255

Trust: 2.0

db: SECTRACK, id: 1032178

Trust: 1.7

db: JVNDB, id: JVNDB-2015-004995

Trust: 0.8

db: CNNVD, id: CNNVD-201505-071

Trust: 0.6

db: VULMON, id: CVE-2015-1781

Trust: 0.1

db: PACKETSTORM, id: 137200

Trust: 0.1

db: PACKETSTORM, id: 131697

Trust: 0.1

db: PACKETSTORM, id: 134717

Trust: 0.1

db: PACKETSTORM, id: 134444

Trust: 0.1

db: PACKETSTORM, id: 137208

Trust: 0.1

db: PACKETSTORM, id: 135810

Trust: 0.1

sources: VULMON: CVE-2015-1781 // BID: 74255 // JVNDB: JVNDB-2015-004995 // PACKETSTORM: 137200 // PACKETSTORM: 131697 // PACKETSTORM: 134717 // PACKETSTORM: 134444 // PACKETSTORM: 137208 // PACKETSTORM: 135810 // CNNVD: CNNVD-201505-071 // NVD: CVE-2015-1781

REFERENCES

url:https://rhn.redhat.com/errata/rhsa-2015-0863.html

Trust: 2.1

url:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Trust: 2.0

url:http://www.ubuntu.com/usn/usn-2985-1

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2985-2

Trust: 1.8

url:https://security.gentoo.org/glsa/201602-02

Trust: 1.8

url:https://sourceware.org/bugzilla/show_bug.cgi?id=18287

Trust: 1.7

url:https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html

Trust: 1.7

url:http://www.securityfocus.com/bid/74255

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html

Trust: 1.7

url:http://www.securitytracker.com/id/1032178

Trust: 1.7

url:http://www.debian.org/security/2016/dsa-3480

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2016-february/177404.html

Trust: 1.7

url:https://sourceware.org/git/?p=glibc.git%3ba=commit%3bh=2959eda9272a03386

Trust: 1.6

url:https://access.redhat.com/security/cve/cve-2015-1781

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1199525

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1781

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1781

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2015:2199

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2015-1781

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2015:2589

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2015:0863

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-7423

Trust: 0.4

url:http://www.gnu.org/software/libc/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966788

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1022665

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1023385

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005779

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005255

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1020837

Trust: 0.3

url:https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099225

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21966209

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21982433

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21988872

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-8121

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8776

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-5277

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8778

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8779

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-1472

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2015-8777

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-9761

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-3075

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-1473

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-1473

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2015-1472

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2013-7423

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38496

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2985-2/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.14

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2856

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.8

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2207

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7423

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5277

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-2589.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2015-2199.html

Trust: 0.1

url:https://access.redhat.com/articles/2050743

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://launchpad.net/bugs/1585614

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/glibc/2.21-0ubuntu4.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.19-0ubuntu6.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/eglibc/2.15-0ubuntu10.15

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-9402

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-geta=

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-7817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-9402

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8121

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-6040

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7547

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0475

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8776

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-7817

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-5119

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-6040

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-8779

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7423

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-5119

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0475

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1472

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

sources: VULMON: CVE-2015-1781 // BID: 74255 // JVNDB: JVNDB-2015-004995 // PACKETSTORM: 137200 // PACKETSTORM: 131697 // PACKETSTORM: 134717 // PACKETSTORM: 134444 // PACKETSTORM: 137208 // PACKETSTORM: 135810 // CNNVD: CNNVD-201505-071 // NVD: CVE-2015-1781

CREDITS

Arjun Shankar of Red Hat

Trust: 0.9

sources: BID: 74255 // CNNVD: CNNVD-201505-071

SOURCES

db: VULMON, id: CVE-2015-1781
db: BID, id: 74255
db: JVNDB, id: JVNDB-2015-004995
db: PACKETSTORM, id: 137200
db: PACKETSTORM, id: 131697
db: PACKETSTORM, id: 134717
db: PACKETSTORM, id: 134444
db: PACKETSTORM, id: 137208
db: PACKETSTORM, id: 135810
db: CNNVD, id: CNNVD-201505-071
db: NVD, id: CVE-2015-1781

LAST UPDATE DATE

2024-12-21T19:36:24.203000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2015-1781, date: 2019-06-17T00:00:00
db: BID, id: 74255, date: 2016-09-09T18:00:00
db: JVNDB, id: JVNDB-2015-004995, date: 2015-10-01T00:00:00
db: CNNVD, id: CNNVD-201505-071, date: 2023-04-10T00:00:00
db: NVD, id: CVE-2015-1781, date: 2024-11-21T02:26:07.067

SOURCES RELEASE DATE

db: VULMON, id: CVE-2015-1781, date: 2015-09-28T00:00:00
db: BID, id: 74255, date: 2015-04-21T00:00:00
db: JVNDB, id: JVNDB-2015-004995, date: 2015-10-01T00:00:00
db: PACKETSTORM, id: 137200, date: 2015-05-26T08:22:22
db: PACKETSTORM, id: 131697, date: 2015-04-30T15:46:57
db: PACKETSTORM, id: 134717, date: 2015-12-09T15:22:37
db: PACKETSTORM, id: 134444, date: 2015-11-20T00:41:22
db: PACKETSTORM, id: 137208, date: 2016-05-26T14:33:33
db: PACKETSTORM, id: 135810, date: 2016-02-17T23:53:39
db: CNNVD, id: CNNVD-201505-071, date: 2015-04-21T00:00:00
db: NVD, id: CVE-2015-1781, date: 2015-09-28T20:59:00.093