Source: Data Consult Blog

Data Consult Blog Security Alert: Glibc Buffer Overflow (CVE-2015-7547)

Hello,

Following our previous communication concerning the announcements of the OpenSSL vulnerability (CVE-2016-0701) and Cisco's ASA IKE Buffer Overflow (CVE-2016-1287), a new security vulnerability has surfaced that targets systems using the GNU C Library (glibc), including Cisco, Juniper and many others.

"The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack."

A proof of concept presented by Dan Kaminsky targets JavaScript, Python, Java, and Haskell.

Glibc is widely used across countless applications, and networking vendors are affected by this vulnerability. In response, they have published links detailing the impact on their products:

Cisco: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc
F5: https://support.f5.com/kb/en-us/solutions/public/k/47/sol47098834.html
Juniper: http://forums.juniper.net/t5/Security-Incident-Response/glibc-getaddrinfo-stack-based-buffer-overflow
EMC: https://support.emc.com/kb/476693
Bluecoat: https://bto.bluecoat.com/security-advisory/sa114

We recommend acting quickly in this regard so that your systems do not remain vulnerable to a potential attack or compromise. If you would like us to check this vulnerability's effect on your network and help you patch your devices, you are kindly requested to open a case on the Data Consult hotline: +961-1-511822.

--
Elie Bassil
linkedin.com/in/eliebassil
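Added example, not part of the original alert: a shell triage script for checking a Linux host before and after patching. It assumes the upstream affected range of glibc 2.9 through 2.22 (fixed in 2.23), which the post does not state; the function names and the sample maps line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): host triage for CVE-2015-7547.
# Assumption: upstream glibc 2.9 through 2.22 carry the flaw and 2.23 fixes it.
# Distributions backport the fix without changing the upstream version, so
# "in-range" means "confirm the package level against the vendor advisory".

# Classify an upstream version such as "glibc 2.17", "2.22" or "2.17-260.el7".
glibc_range_status() {
    ver=${1##* }                    # drop a leading "glibc " label
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}          # "17-260.el7" -> "17"
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -eq 2 ] && [ "$minor" -ge 9 ] && [ "$minor" -le 22 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Reads /proc/PID/maps text on stdin. Succeeds when a glibc library is mapped
# from a file that has since been replaced, i.e. the process still runs the
# pre-update code and must be restarted for a patch to take effect.
maps_has_stale_glibc() {
    grep -Eq '/lib(c|resolv|nss_dns)(-[0-9.]+)?\.so[^ ]* \(deleted\)$'
}

# Constructed sample line in /proc/PID/maps format: a daemon not yet restarted.
SAMPLE_STALE='7f3a10000000-7f3a101bb000 r-xp 00000000 08:01 393228 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)'

# Report for this host; both steps stay quiet on systems without glibc or /proc.
local_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null || true)
echo "local glibc: ${local_ver:-not detected} -> $(glibc_range_status "$local_ver")"
for m in /proc/[0-9]*/maps; do
    pid=${m#/proc/}; pid=${pid%/maps}
    if cat "$m" 2>/dev/null | maps_has_stale_glibc; then
        echo "restart needed: pid $pid"
    fi
done
```

Run it as root to see every process; a host that reports no "restart needed" lines after the update has no running process left on the replaced library files.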

Data Consult is headquartered in Beirut. Data Consult has a revenue of $4.7M, and 34 employees. Data Consult has 3 followers on Owler.