Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7423

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-7423
Last Modified 03 Jun 2015 09:59:13
Published 24 Feb 2015 10:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7423

Summary

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the getaddrinfo function.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Gnu Glibc 2.20


References

CONFIRM - https://sourceware.org/bugzilla/show_bug.cgi?id=15946

CONFIRM - https://github.com/golang/go/issues/6336

MLIST - [oss-security] 20150128 Re: the other glibc issue

SUSE - openSUSE-SU-2015:0351

UBUNTU - USN-2519-1

BID - 72844


Last Updated: 27 May 2016 11:08:54