CNVD-2016-01100
PUBLISHED
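GNU glibc is open-source software released under the LGPL license and is the implementation of the C library on Linux operating systems. The getaddrinfo function in glibc contains a stack overflow vulnerability when it processes certain DNS response packets. An attacker can exploit the vulnerability by setting up a malicious DNS service or by using a man-in-the-middle attack against Linux hosts or related devices, resulting in remote code execution and, in turn, control of the user's terminal.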
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIEMENS | SINEMA Remote Connect | <v1.2 |
| SIEMENS | Basic RT | V13 |
| GNU | glibc | >2.9 |
| SIEMENS | APE (Linux) | |
| SIEMENS | SCALANCE M-800 / S615 | |
| SIEMENS | ROX II OS | >=V2.3.0, <=V2.9.0 |
Timeline
- Feb 17, 2016 CVE ID Reserved
- Feb 18, 2016 CVE Published
References
- https://isc.sans.edu/diary/CVE-2015-7547:%20Critical%20Vulnerability%20in%20glibc%20getaddrinfo/20737
- https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-301706.pdf
- https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html