what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

CVE-2015-7547

Status Candidate

Overview

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Related Files

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
Posted Jun 20, 2022
Authored by T. Weber | Site sec-consult.com

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components.

tags | exploit
advisories | CVE-2015-0235, CVE-2015-7547, CVE-2015-9261, CVE-2017-16544, CVE-2022-32985
SHA-256 | 811819aa67b6ad1bef552d7cc55544b3fd1c366dc092a396d3d23c2d49bd1e36
Moxa Command Injection / Cross Site Scripting / Vulnerable Software
Posted Sep 1, 2021
Authored by T. Weber | Site sec-consult.com

Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1914, CVE-2013-7423, CVE-2015-0235, CVE-2015-7547, CVE-2016-1234, CVE-2021-39278, CVE-2021-39279
SHA-256 | 91e5218cfa2c2452c1da0918b3b85328aad5bcf76352c949affc7a9a10a95a39
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Posted Sep 4, 2019
Authored by T. Weber | Site sec-consult.com

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

tags | exploit, vulnerability
systems | cisco
advisories | CVE-2014-4043, CVE-2014-9402, CVE-2014-9761, CVE-2014-9984, CVE-2015-1472, CVE-2015-5277, CVE-2015-7547, CVE-2015-8778, CVE-2015-8779, CVE-2015-9261, CVE-2016-2147, CVE-2016-2148, CVE-2016-6301, CVE-2017-1000366, CVE-2017-16544, CVE-2018-20679, CVE-2019-5747
SHA-256 | 3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817
HP Security Bulletin HPSBMU03685 1
Posted Jan 19, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03685 1 - Multiple potential security vulnerabilities have been identified in HPE Insight Control server provisioning (ICsp) software. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), arbitrary code execution, arbitrary command execution, unauthorized access to files or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2014-0050, CVE-2014-4877, CVE-2015-6420, CVE-2015-7547, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2842
SHA-256 | 7c572b3e24df1d149872d9d6f48b13a5c0031cc58055e6a8a1c95b1c448324e2
glibc getaddrinfo Stack Buffer Overflow
Posted Sep 6, 2016
Authored by jang kyoungchip

glibc getaddrinfo stack-based buffer overflow exploit that leverages the priorly disclosed issue by Google.

tags | exploit, overflow
advisories | CVE-2015-7547
SHA-256 | a61fe48c92c2f4e8a5665c7ab58fdd412c2282ae7abcf30ca24c5f9a113ee283
HP Security Bulletin HPSBST03603 1
Posted Jul 27, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03603 1 - HPE StoreVirtual products running LeftHand OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2015-7547
SHA-256 | 7a1938552ec305f40be8a23af07bd878dc473a9a0b00a6ec1d1ad7c762c07075
HP Security Bulletin HPSBGN03553 1
Posted Jun 16, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03553 1 - HP OneView has addressed stack based buffer overflows in glibc's implementation of getaddrinfo() and also a vulnerability in OpenSSL. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of the user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547, CVE-2016-0705
SHA-256 | 3617e671a811e5e4891b16d55373f0c543a2327eaeb55d97e84f1a429f8e0a07
HP Security Bulletin HPSBGN03442 2
Posted Jun 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03442 2 - HPE Helion OpenStack has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 2 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 186f43f7a6764e45853fc9e00be530ce4c2d2318aed00bacd397094ffd9ba277
HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
SHA-256 | 55b881f2a237e07f9560dcebcf5f78996c72fe03931da60fb9afbd2da087871d
HP Security Bulletin HPSBHF03578 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03578 1 - HPE ConvergedSystem for SAP HANA Solutions has addressed stack-based buffer overflows in the GNU C library's (glibc) implementation of the getaddrinfo() library function. These vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user using the glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | f467478965503248c96c094ed51e89e4ccb098e7d4023a82cd28359603541c37
HP Security Bulletin HPSBMU03591 1
Posted May 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03591 1 - Several potential security vulnerabilities have been identified in HPE Server Migration Pack (SMP) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2015-7547, CVE-2016-0728
SHA-256 | 958138fc11dd9e53ea6b98de78d16ced9c354a2c2997cb0b10965023053cabb7
HP Security Bulletin HPSBGN03597 1
Posted May 13, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03597 1 - A vulnerability in GNU C Library (glibc) was addressed by HPE Cloud Optimizer (Virtualization Performance Viewer). The vulnerability could be exploited remotely to allow Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2015-7547
SHA-256 | 25f49ade38400e07817b57b4a97217d1ee78e9e0c35b13e06ec064443db88b6d
HP Security Bulletin HPSBST03598 1
Posted May 12, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03598 1 - HPE 3PAR OS has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). This vulnerability could be remotely exploited to cause Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary
advisories | CVE-2015-7547
SHA-256 | 825e2f051ab86891da30d118b79183bb3ced947bf7f0859a92642c397d8dc78f
HP Security Bulletin HPSBGN03547 3
Posted May 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03547 3 - A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. Revision 3 of this advisory.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, centos
advisories | CVE-2015-7547
SHA-256 | 3a3a7da261ca85e7feb593ac3b1137b0a8baf5a5661d975d9cd76acfc0ff825f
HP Security Bulletin HPSBGN03582 1
Posted Apr 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03582 1 - HPE Helion CloudSystem addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 26439f2e50832858fd5b35b5b17ec68209e8fbe1597c3cfba78e2bd761d45067
HP Security Bulletin HPSBGN03551 1
Posted Mar 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03551 1 - HPE Helion Development Platform has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 6a5c6e511c9ded81cb50fa7de880a49ca9815f8fa2566a142a513c72014743b9
HP Security Bulletin HPSBGN03442 1
Posted Mar 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03442 1 - HPE Helion OpenStack has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 6539fd974a37cf918334232d4666c73e3f1b4b61616cb996dd44f390809b7782
HP Security Bulletin HPSBGN03549 1
Posted Feb 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03549 1 - HPE IceWall products have addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 5c0bafbdb117854cb467fe44692de91315ec03062242458e577de6b74ec77e61
Slackware Security Advisory - glibc Updates
Posted Feb 24, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-7547
SHA-256 | 8d4c291abde8bba7e5f00f2280fc0bcd15d6a57a664e9d206fc17566399f7d6f
Red Hat Security Advisory 2016-0277-01
Posted Feb 19, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0277-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2015-7547
SHA-256 | 16f8193295d41539b260186af779c496a1c336c7b0b9f4d88547042401772ac9
HP Security Bulletin HPSBGN03547 1
Posted Feb 19, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03547 1 - A security vulnerability in glibc has been addressed with HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus components. The vulnerability could be exploited remotely resulting in arbitrary execution of code. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2015-7547
SHA-256 | 80d01bb5a617b997b4377008c9a6dff9fe6fc1ba42119b92775c9ae396faf290
Gentoo Linux Security Advisory 201602-02
Posted Feb 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7423, CVE-2014-0475, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-8121, CVE-2014-9402, CVE-2015-1472, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
SHA-256 | 7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4
glibc getaddrinfo Stack-Based Buffer Overflow
Posted Feb 17, 2016
Authored by Fermin J. Serna, Kevin Stadmeyer | Site googleonlinesecurity.blogspot.com

glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated. Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow. Included in this archive is a copy of the Google Security blog post and proof of concept code that demonstrates the vulnerability.

tags | exploit, overflow, proof of concept
systems | linux
advisories | CVE-2015-7547
SHA-256 | ad59124177a3d305a9e05a03fed4435fe9079fdcafd54b23cbd52bc979ba7a5f
Ubuntu Security Notice USN-2900-1
Posted Feb 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2900-1 - It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7547
SHA-256 | 7800d1aab731dec1f2a66ce239ebdf2a26e863aea8e01e1b0c7b35c610ced26c
Debian Security Advisory 3481-1
Posted Feb 17, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3481-1 - Several vulnerabilities have been fixed in the GNU C Library, glibc.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
SHA-256 | 09303e0b9794ff8d9ff9ecaa8493c33cded5b569964be1e2f01553cc70ce74c4
Page 1 of 2
Back12Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close