Vulnerability in GNU glibc Affecting Cisco Products
Severity Rating: High
The list of the affected products is available on:
A vulnerability has been identified in the GNU C library (glibc), which is incorporated in multiple Cisco products. The vulnerability resides in the libresolv library included with glibc and could allow a remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. It is caused by buffer mismanagement when the getaddrinfo function is used to perform dual A/AAAA DNS queries. Under some conditions, responses may be returned in a manner that causes a response to be written past the end of the allocated buffer. A remote attacker could exploit this vulnerability by sending a crafted DNS response to a targeted system. Successful exploitation could trigger a stack-based buffer overflow that the attacker could use to execute arbitrary code or cause a DoS condition.
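The condition described above, a response written past the end of the allocated buffer, is avoided when every copy is checked against the space actually allocated. As an added illustration (a simplified C model, not glibc's code and not part of this advisory; all names and the max_cap limit are hypothetical), the routine below stores the A and AAAA replies in one buffer, updates the buffer pointer and its recorded capacity together when it grows, and refuses any reply that would exceed the limit:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not glibc source: one buffer receives the replies to
   the paired A and AAAA queries. Pointer and capacity live in one struct so
   they are never updated independently of each other. */
struct reply_buf {
    unsigned char *base; /* heap allocation holding the replies */
    size_t cap;          /* bytes allocated at base */
    size_t used;         /* bytes already occupied by earlier replies */
};

int reply_buf_init(struct reply_buf *rb, size_t cap)
{
    rb->base = malloc(cap);
    rb->cap = rb->base ? cap : 0;
    rb->used = 0;
    return rb->base ? 0 : -1;
}

/* Append one reply; returns its offset in the buffer, or -1 on failure.
   max_cap bounds growth so an oversized reply is refused, not written. */
long reply_buf_store(struct reply_buf *rb, const unsigned char *reply,
                     size_t len, size_t max_cap)
{
    if (rb->used > rb->cap || len > max_cap || rb->used > max_cap - len)
        return -1;                      /* bad state or reply too large */
    size_t need = rb->used + len;       /* cannot wrap: checked above */
    if (need > rb->cap) {
        unsigned char *grown = realloc(rb->base, need);
        if (grown == NULL)
            return -1;                  /* old buffer and cap stay valid */
        rb->base = grown;               /* pointer and capacity change */
        rb->cap = need;                 /* together, in one place */
    }
    memcpy(rb->base + rb->used, reply, len);
    long offset = (long)rb->used;
    rb->used = need;
    return offset;
}

void reply_buf_free(struct reply_buf *rb)
{
    free(rb->base);
    rb->base = NULL;
    rb->cap = rb->used = 0;
}
```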
Currently, no workarounds are available.
Cisco will release software updates that address this vulnerability.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street