Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2015-7547

Description

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

POC

Reference

- http://fortiguard.com/advisory/glibc-getaddrinfo-stack-overflow

- http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html

- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

- http://seclists.org/fulldisclosure/2019/Sep/7

- http://seclists.org/fulldisclosure/2021/Sep/0

- http://seclists.org/fulldisclosure/2022/Jun/36

- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

- http://www.securityfocus.com/bid/83265

- https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

- https://kc.mcafee.com/corporate/index?page=content&id=SB10150

- https://seclists.org/bugtraq/2019/Sep/7

- https://security.netapp.com/advisory/ntap-20160217-0002/

- https://www.arista.com/en/support/advisories-notices/security-advisories/1255-security-advisory-17

- https://www.exploit-db.com/exploits/39454/

- https://www.exploit-db.com/exploits/40339/

- https://www.kb.cert.org/vuls/id/457759

- https://www.tenable.com/security/research/tra-2017-08

Github

- https://github.com/0xTo/linux-kernel-exploits

- https://github.com/1and1-serversupport/glibc-patcher

- https://github.com/1o24er/Python-

- https://github.com/20142995/sectool

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AgenticAI-LLM/Hackathon

- https://github.com/Al1ex/LinuxEelvation

- https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547

- https://github.com/C0dak/linux-kernel-exploits

- https://github.com/C0dak/local-root-exploit-

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Cherishao/Security-box

- https://github.com/De4dCr0w/Linux-kernel-EoP-exp

- https://github.com/Feng4/linux-kernel-exploits

- https://github.com/GhostTroops/TOP

- https://github.com/HiJackJTR/github_arsenal

- https://github.com/JERRY123S/all-poc

- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits

- https://github.com/Micr067/linux-kernel-exploits

- https://github.com/Nop3z/IOTsec-all-in-one

- https://github.com/QChiLan/linux-exp

- https://github.com/R0B1NL1N/Linux-Kernal-Exploits-m-

- https://github.com/R0B1NL1N/Linux-Kernel-Exploites

- https://github.com/RedHatSatellite/satellite-host-cve

- https://github.com/SSlvtao/CTF

- https://github.com/SecWiki/linux-kernel-exploits

- https://github.com/Shadowshusky/linux-kernel-exploits

- https://github.com/Singlea-lyh/linux-kernel-exploits

- https://github.com/Snoopy-Sec/Localroot-ALL-CVE

- https://github.com/Stick-U235/CVE-2015-7547-Research

- https://github.com/Vxer-Lee/Hack_Tools

- https://github.com/ZTK-009/linux-kernel-exploits

- https://github.com/ZiDuNet/Note

- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

- https://github.com/alanmeyer/CVE-glibc

- https://github.com/albinjoshy03/linux-kernel-exploits

- https://github.com/alex-bender/links

- https://github.com/alian87/linux-kernel-exploits

- https://github.com/babykillerblack/CVE-2015-7547

- https://github.com/birdhan/SecurityTools

- https://github.com/blacksunwen/Python-tools

- https://github.com/bluebluelan/CVE-2015-7547-proj-master

- https://github.com/bright-angel/sec-repos

- https://github.com/cakuzo/CVE-2015-7547

- https://github.com/coffee727/linux-exp

- https://github.com/copperfieldd/linux-kernel-exploits

- https://github.com/cream-sec/pentest-tools

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/distance-vector/linux-kernel-exploits

- https://github.com/eSentire/cve-2015-7547-public

- https://github.com/fei9747/LinuxEelvation

- https://github.com/fjserna/CVE-2015-7547

- https://github.com/freener/exploits

- https://github.com/githuberxu/Security-Resources

- https://github.com/h4x0r-dz/local-root-exploit-

- https://github.com/hackerso007/Sec-Box-master

- https://github.com/hackstoic/hacker-tools-projects

- https://github.com/hantiger/-

- https://github.com/hktalent/TOP

- https://github.com/hktalent/bug-bounty

- https://github.com/jay900323/SecurityTools

- https://github.com/jbmihoub/all-poc

- https://github.com/jerryxk/Sec-Box

- https://github.com/jgajek/cve-2015-7547

- https://github.com/kumardineshwar/linux-kernel-exploits

- https://github.com/m0mkris/linux-kernel-exploits

- https://github.com/miracle03/CVE-2015-7547-master

- https://github.com/mudongliang/LinuxFlaw

- https://github.com/n0-traces/cve_monitor

- https://github.com/nisadevi11/Localroot-ALL-CVE

- https://github.com/nishanb/insecure-app

- https://github.com/oneoy/cve-

- https://github.com/ozkanbilge/Linux-Kernel-Exploits

- https://github.com/pandazheng/LinuxExploit

- https://github.com/panubo/docker-cve

- https://github.com/password520/linux-kernel-exploits

- https://github.com/qiantu88/Linux--exp

- https://github.com/rakjong/LinuxElevation

- https://github.com/rexifiles/rex-sec-glibc

- https://github.com/richardiyama/Ainspection

- https://github.com/scriptzteam/glFTPd-v2.06.2

- https://github.com/scuechjr/Sec-Box

- https://github.com/sjourdan/clair-lab

- https://github.com/sunu11/Sec-Box

- https://github.com/t0r0t0r0/CVE-2015-7547

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/xFinu/linux-kernel-exploits

- https://github.com/xfinest/linux-kernel-exploits

- https://github.com/xssfile/linux-kernel-exploits

- https://github.com/yige666/linux-kernel-exploits

- https://github.com/yige666/web-

- https://github.com/zyjsuper/linux-kernel-exploits