Computer Security Incident Response Team of Mauritius (CERT-MU)

Vulnerability Note VN-2017-27


Vulnerability in GNU glibc Affecting Cisco Products
Severity Rating: High
Systems Affected:
  • Cisco Products
The list of the affected products is available on:
Description
A vulnerability has been identified in the GNU C library (glibc), which is incorporated in multiple Cisco products. The vulnerability resides in the libresolv library included with glibc and could allow a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. It is caused by buffer mismanagement when the getaddrinfo function is used to perform dual A/AAAA DNS queries. Under some conditions, responses may be returned in a manner that causes a response to be written past the end of the allocated buffer. A remote attacker could exploit this vulnerability by sending a crafted DNS response to a targeted system. Successful exploitation could trigger a stack-based buffer overflow condition that the attacker could use to execute arbitrary code or cause a DoS condition.
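As a triage aid for the condition described above, the following added example (not part of this note and not Cisco or glibc code) scans captured DNS messages and lists A/AAAA responses that exceed a byte limit. The 2048-byte limit, the function names and the sample messages are assumptions constructed for illustration; the note itself states no size figure.

```python
import struct

QTYPES = {1: "A", 28: "AAAA"}   # the two record types of a dual A/AAAA lookup
LIMIT = 2048                    # assumed triage threshold in bytes, not from the note

def parse_response(msg):
    """Return (qname, qtype, truncated) for a DNS response, else None."""
    if len(msg) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if not flags & 0x8000 or qdcount < 1:    # QR bit clear: a query, not a response
        return None
    labels, pos = [], 12
    while True:                              # walk the uncompressed question name
        if pos >= len(msg):
            return None
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):     # compression pointer or overrun
            return None
        labels.append(msg[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, bool(flags & 0x0200)   # 0x0200 is the TC bit

def oversized_lookups(messages, limit=LIMIT):
    """List (name, type, size) for A/AAAA responses larger than `limit` bytes."""
    hits = []
    for msg in messages:
        parsed = parse_response(msg)
        if parsed and parsed[1] in QTYPES and len(msg) > limit:
            hits.append((parsed[0], QTYPES[parsed[1]], len(msg)))
    return hits

def sample(name, qtype, size, qr=True):
    """Constructed message: header plus question, zero-padded to `size` bytes."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 if qr else 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return (header + qname + struct.pack("!HH", qtype, 1)).ljust(size, b"\0")

# Constructed capture: small A reply, large AAAA reply, large MX reply, large query.
CAPTURE = [sample("host.example", 1, 120), sample("host.example", 28, 3000),
           sample("mail.example", 15, 3000), sample("host.example", 28, 3000, qr=False)]
```

Calling `oversized_lookups(CAPTURE)` reports only the large AAAA response; hits from real captures identify resolvers and clients whose traffic warrants review while updates are pending.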
 
Solution
 
Currently, no workarounds are available.
 
Cisco will release software updates that address this vulnerability.
 
CVE Information
 
Vendor Information
Cisco
 
References
Cisco
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis