Vulnerability CVE-2013-7423


Published: 2015-02-24

Description:
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

See advisories in our WLB2 database:
Topic: [Med.] glibc 2.20 getaddrinfo() writes DNS queries to random file descriptors (PoC)
Author: arnaud
Date: 28.01.2015

Type: CWE-17 (Code)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Redhat -> Enterprise linux server aus 
Opensuse -> Opensuse 
Novell -> Opensuse 
GNU -> Glibc 
Canonical -> Ubuntu linux 

 References:
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
http://rhn.redhat.com/errata/RHSA-2015-0863.html
http://www.openwall.com/lists/oss-security/2015/01/28/20
http://www.securityfocus.com/bid/72844
http://www.ubuntu.com/usn/USN-2519-1
https://access.redhat.com/errata/RHSA-2016:1207
https://github.com/golang/go/issues/6336
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=15946

Copyright 2024, cxsecurity.com

 
