Reset Search
 

 

Article

VN 2016 003 glibc

« Go Back

Vulnerability Notice

 
Vulnerability Summary
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Background (From CVE Project)
CVE-2015-7547 
   Release Date:  February 18, 2016
   CVSS v2 base score:  6.8  Medium

Impact 
Denial of service (crash) or possibly execute arbitrary code
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:
 
ExtremeXOS (all products)Fixed
A, B, C, D, G, I and 800 Series Fixed SwitchesNo
IDS/IPS Yes
IdentiFi WirelessFixed
N, K, SSA, and S Modular SwitchesNo
NetSightFixed
NAC (IA)Fixed
PurviewFixed
Ridgeline No
Security Information & Event ManagerInvestigating 
Summit WM3000 SeriesNo
X-Series Secure Core Router Investigating 
XSR (X-Pedition Security Router)No
Impact Details
ExtremeXOS (all products)
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: glibc library
  • Describe conditions when component Vulnerability occurs(why/when/how): glibc reserves 2048 bytes in the stack for the DNS answer for hosting responses to a DNS query.
    If the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.
    Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.
  • Product version(s) affected:  EXOS 15.3 - EXOS 16.1. EXOS versions older than 15.3 are still under investigation.
  • Workaround:  A local resolver (that drops non-compliant responses). Or if customer can work without dns configuration, then do not configure dns server in the switch.
  • Fixed In:  22.1.1, 21.1.1 Patch 1-5, 16.2.1, 15.7.4,  (and patches planned for all supported XOS versions)
A, B, C, D, G, I and 800 Series Fixed Switches
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): GNU C Library not used
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
IDS/IPS
  • Vulnerable Yes / No: Yes
  • Vulnerable Component: Dragon Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how):  unknown
  • Product version(s) affected:  version 8.x
  • Workaround:  Some mitigating factors have been identified, including: 
    Mitigating factors for UDP include:
    - A firewall that drops UDP DNS packets > 512 bytes.
    - A local resolver (that drops non-compliant responses).
    - Avoid dual A and AAAA queries (avoids buffer management error) e.g. Do not use AF_UNSPEC.
    - No use of `options edns0` in /etc/resolv.conf since EDNS0 allows responses larger than 512 bytes and can lead to valid DNS responses that overflow.
    - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC` since they can both lead to valid large EDNS0-based DNS responses that can overflow.
    Mitigating factors for TCP include:
    - Limit all replies to 1024 bytes. 
  • Target Fix Release:  8.3 MR3
  • Target Month for Fix Release: tbd
IdentiFi Wireless​
Extreme Networks Wireless Controllers:
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release: 
  • Target Month for Fix Release:
Extreme Networks Wireless 26xx and 36xx series APs
  • Vulnerable Yes/ No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Extreme Networks Wireless 3705, 3801, 3805 series APs
  • Vulnerable Yes/ No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Extreme Networks Wireless 3710, 3715, 3765, 3767, 3825, 3865, and 39xx series APs
  • Vulnerable Yes/ No: Yes  - Fixed
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected: 10.01.01 through 10.01.03
  • Workaround:
  • Fixed In: 10.01.04 and 10.11.01
  • Target Month for Fix Release: April and June 2016
N, K, SSA, and S Modular Switches
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): Product does not have GNU C library
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
NetSight
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: NetSight appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): unknown
  • Product version(s) affected:  version 6.x
  • Workaround:  Some mitigating factors have been identified, including: 
    Mitigating factors for UDP include:
    - A firewall that drops UDP DNS packets > 512 bytes.
    - A local resolver (that drops non-compliant responses).
    - Avoid dual A and AAAA queries (avoids buffer management error) e.g. Do not use AF_UNSPEC.
    - No use of `options edns0` in /etc/resolv.conf since EDNS0 allows responses larger than 512 bytes and can lead to valid DNS responses that overflow.
    - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC` since they can both lead to valid large EDNS0-based DNS responses that can overflow.
    Mitigating factors for TCP include:
    - Limit all replies to 1024 bytes. 
  • Fixed In: 7.0.3
NAC
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component:  NAC Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): unknown
  • Product version(s) affected: version 6.x
  • Workaround:  Some mitigating factors have been identified, including: 
    Mitigating factors for UDP include:
    - A firewall that drops UDP DNS packets > 512 bytes.
    - A local resolver (that drops non-compliant responses).
    - Avoid dual A and AAAA queries (avoids buffer management error) e.g. Do not use AF_UNSPEC.
    - No use of `options edns0` in /etc/resolv.conf since EDNS0 allows responses larger than 512 bytes and can lead to valid DNS responses that overflow.
    - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC` since they can both lead to valid large EDNS0-based DNS responses that can overflow.
    Mitigating factors for TCP include:
    - Limit all replies to 1024 bytes. 
  • Fixed In: 7.0.3
Purview
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: Purview Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): unknown
  • Product version(s) affected: version 6.x
  • Workaround:  Some mitigating factors have been identified, including: 
    Mitigating factors for UDP include:
    - A firewall that drops UDP DNS packets > 512 bytes.
    - A local resolver (that drops non-compliant responses).
    - Avoid dual A and AAAA queries (avoids buffer management error) e.g. Do not use AF_UNSPEC.
    - No use of `options edns0` in /etc/resolv.conf since EDNS0 allows responses larger than 512 bytes and can lead to valid DNS responses that overflow.
    - No use of `RES_USE_EDNS0` or `RES_USE_DNSSEC` since they can both lead to valid large EDNS0-based DNS responses that can overflow.
    Mitigating factors for TCP include:
    - Limit all replies to 1024 bytes. 
  • Fixed In: 7.0.3
Ridgeline
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):  GNU C Library not used
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Security Information & Event Manager
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
  •  
Summit WM3000 Series
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
X-Series Secure Core Router
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
XSR (X-Pedition Security Router)
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): this is not application to XSR as XSR does not use glibc
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above.

Firmware and software can be downloaded from www.extremenetworks.com/support.
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255