On 16 February 2016, Red Hat identified the glibc getaddrinfo stack-based buffer overflow vulnerability affecting Red Hat platforms 6 using glibc versions 2.10 and above. NOTE: Red Hat states that platforms 3-5 are not vulnerable (i.e., glibc version 2.9 and below are not at risk). This article is designed to provide you with the latest information on the vulnerability.
Please note that as of February 19th, 2016 the vulnerability has been patched on all our web solutions.
The vulnerability within the glibc DNS side resolver represents a weakness in the stack-based buffer overflow when the
getaddrinfo function is used. The attacker could exploit the system using masked Domain Names, attacker controlled DNS servers, or through a man-in-the-middle attack. A successful exploitation could lead to denial of service (DoS), system crashes, or remote code execution on the client.
A note on remote code execution: although it is possible for an attacker to infiltrate the client, bypassing the existing security mitigations on the system and crafting special packets to properly initiate the overflow is challenging and would require great skill and knowledge of the solution itself.
For further information on this vulnerability, please see the following article: https://access.redhat.com/security/cve/cve-2015-7547.