CVE-2015-5180

Published: 10 August 2015

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

From the Ubuntu Security Team

Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service.

Notes

See test case in the bug
no fix upstream as of 2016-09-09

patch committed upstream on 2016-12-31; renames symbol so
backporting may not be easy.
commit included in glibc 2.25 release
debian fixed this in unstable in 2.24-9
fixing this does indeed break the internal ABI between
libnss_dns and libresolv. We're backing out this change.
reverted from zesty in 2.24-9ubuntu2 by infinity.
For existing releases, DO NOT APPLY THIS PATCH due to ABI
breakage. Fix will come in to 17.10 when we get glibc-2.25 as we
do not guarantee ABI for libresolv internals across different glibc
releases, just for upgrades for same versions e.g. (2.24 -> 2.24)
REPEAT: DO NOT APPLY THIS PATCH (UNMODIFIED) IN A STABLE RELEASE

marking this issue as ignored, as we will not be fixing this
in Ubuntu stable releases.

Status

Severity score breakdown

References

• https://ubuntu.com/security/notices/USN-3239-1
• https://ubuntu.com/security/notices/USN-3239-2
• https://www.cve.org/CVERecord?id=CVE-2015-5180
• NVD
• Launchpad
• Debian

Bugs

• https://sourceware.org/bugzilla/show_bug.cgi?id=18784
• https://bugzilla.redhat.com/show_bug.cgi?id=1249603
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796106
• https://bugs.launchpad.net/bugs/1674532