CERT/CC Vulnerability Note VU#143335

Overview

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987

Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.

CWE-476: NULL Pointer Dereference - CVE-2015-7988

Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.

Apple has also issued a security advisory for these issues.

mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an update

mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.

Vendor Information

143335

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Android Open Source Project Affected

Apple Affected

Arista Networks, Inc. Not Affected

CoreOS Not Affected

Debian GNU/Linux Not Affected

Fedora Project Not Affected

Infoblox Not Affected

Intel Corporation Not Affected

Red Hat, Inc. Not Affected

ACCESS Unknown

AT&T Unknown

Alcatel-Lucent Unknown

Arch Linux Unknown

Aruba Networks Unknown

Avaya, Inc. Unknown

Belkin, Inc. Unknown

Blue Coat Systems Unknown

CA Technologies Unknown

CentOS Unknown

Check Point Software Technologies Unknown

Cisco Unknown

D-Link Systems, Inc. Unknown

DesktopBSD Unknown

DragonFly BSD Project Unknown

EMC Corporation Unknown

EfficientIP SAS Unknown

Enterasys Networks Unknown

Ericsson Unknown

Extreme Networks Unknown

F5 Networks, Inc. Unknown

Force10 Networks Unknown

FreeBSD Project Unknown

Gentoo Linux Unknown

Google Unknown

Hardened BSD Unknown

Hewlett-Packard Company Unknown

Hitachi Unknown

Huawei Technologies Unknown

IBM Corporation Unknown

IBM eServer Unknown

Internet Systems Consortium Unknown

Internet Systems Consortium - DHCP Unknown

Juniper Networks Unknown

Lenovo Unknown

Mandriva S. A. Unknown

McAfee Unknown

Microsoft Corporation Unknown

NEC Corporation Unknown

NetBSD Unknown

Nokia Unknown

Nominum Unknown

OmniTI Unknown

OpenBSD Unknown

OpenDNS Unknown

Openwall GNU/*/Linux Unknown

Oracle Corporation Unknown

PC-BSD Unknown

Peplink Unknown

Q1 Labs Unknown

QNX Software Systems Inc. Unknown

SUSE Linux Unknown

SafeNet Unknown

Secure64 Software Corporation Unknown

Slackware Linux Inc. Unknown

SmoothWall Unknown

Snort Unknown

Sony Corporation Unknown

Sourcefire Unknown

Symantec Unknown

TippingPoint Technologies Inc. Unknown

Turbolinux Unknown

Ubuntu Unknown

Unisys Unknown

VMware Unknown

Wind River Unknown

ZyXEL Unknown

dnsmasq Unknown

m0n0wall Unknown

openSUSE project Unknown

View all 79 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base	6.8	AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal	5.3	E:POC/RL:OF/RC:C
Environmental	4.0	CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.

This document was written by Garret Wassermann.

Other Information

CVE IDs:	CVE-2015-7987, CVE-2015-7988
Date Public:	2016-06-20
Date First Published:	2016-06-20
Date Last Updated:	2016-06-20 23:38 UTC
Document Revision:	83

Software Engineering Institute

CERT Coordination Center

mDNSResponder contains multiple memory-based vulnerabilities

Vulnerability Note VU#143335