#VU12270 Spoofing attack in Glibc - CVE-2017-12132


Vulnerability identifier: #VU12270

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12132

CWE-ID: CWE-451

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description
The vulnerability allows a remote attacker to perform spoofing attack and write arbitrary files on the target system.

The weakness exists in the DNS stub resolver due to soliciting large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation, when EDNS support is enabled. A remote attacker can write arbitrary files.

Mitigation
Update to version 2.26.

Vulnerable software versions

Glibc: 2.0 - 2.25

External links
https://sourceware.org/bugzilla/show_bug.cgi?id=21361

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


VMware Tanzu products update for GNU C Library
Ubuntu update for glibc
Amazon Linux AMI update for glibc
Multiple vulnerabilities in IBM Dynamic System Analysis (DSA) Preboot
Multiple vulnerabilities in IBM Flex System Chassis Management Module (CMM)
Multiple vulnerabilities in IBM Integrated Management Module II (IMM2)
Red Hat update for glibc
SUSE Linux update for glibc
OpenSUSE Linux update for glibc
SUSE Linux update for glibc