Vigil@nce - glibc: denial of service via getaddrinfo File Descriptors
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an application using getaddrinfo() to
resolve an address, to write data partially controlled by the
attacker to a bad file descriptor, in order to trigger a denial of
service or to write data on the file system.
– Impacted products: Unix (platform)
– Severity: 2/4
– Creation date: 29/01/2015
DESCRIPTION OF THE VULNERABILITY
The glibc library provides the getaddrinfo() which obtains IP
information from a server name.
However, when this function is called several times, it can write
DNS queries in the bad file descriptor.
An attacker can therefore force an application using getaddrinfo()
to resolve an address, to write data partially controlled by the
attacker to a bad file descriptor, in order to trigger a denial of
service or to write data on the file system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-denial-of-service-via-getaddrinfo-File-Descriptors-16082