CVE-2015-7547 MegaBug waiting to hit electronic devices

TechGlyphs Editor

A highly critical vulnerability has been uncovered in the GNU C Library (glibc), a key component of most Linux distributions, that leaves nearly all Linux machines, thousands of apps and electronic devices vulnerable to hackers.

GNU C Library (glibc) is a collection of open source code that powers thousands of standalone apps and most Linux distributions, including those distributed to routers and other types of hardware. The flaw can be exploited when an affected device or app makes queries to a malicious DNS server that returns too much information to a lookup request and floods the program's memory with code.

This code then compromises the vulnerable application or device and tries to take control of the whole system.

It is possible to inject the domain name into server log files, which when resolved will trigger remote code execution. An SSH (Secure Shell) client connecting to a server could also be compromised.

However, an attacker needs to bypass several operating system security mechanisms – like ASLR and non-executable stack protection – in order to achieve a successful RCE attack.

Alternatively, an attacker on your network could perform man-in-the-middle (MitM) attacks and tamper with DNS replies with a view to monitoring and manipulating (injecting payloads of malicious code) data flowing between a vulnerable device and the Internet.

"glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated."

"Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow."

If you aren't able to immediately patch your instance of glibc, you can help prevent exploitation of the flaw by limiting all TCP DNS replies to 1024 bytes and dropping UDP DNS packets larger than 512 bytes.
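The size limits above can be checked against captured DNS traffic before they are enforced on a firewall. The following is an added example, not code from the original post or from glibc; the function names, verdict strings and sample packets are constructed for illustration, and the TCP input is assumed to be the server-to-client side of a port 53 connection.

```python
import struct

UDP_LIMIT = 512    # from the page: drop UDP DNS packets larger than this
TCP_LIMIT = 1024   # from the page: limit TCP DNS replies to this size

def is_reply(msg):
    """True if msg holds a full 12-byte DNS header whose QR bit marks a response."""
    if len(msg) < 12:
        return False
    (flags,) = struct.unpack("!H", msg[2:4])
    return bool(flags & 0x8000)

def check_udp(payload):
    """Classify one UDP payload: only replies are subject to the size limit."""
    if not is_reply(payload):
        return "ignore"
    return "drop" if len(payload) > UDP_LIMIT else "allow"

def check_tcp(stream):
    """Classify each message in a server-to-client DNS-over-TCP byte stream.

    Every message is preceded by a 2-byte big-endian length, so an oversize
    reply can be rejected from the prefix alone, before its body is buffered.
    """
    verdicts, off = [], 0
    while off + 2 <= len(stream):
        (declared,) = struct.unpack("!H", stream[off:off + 2])
        if declared > TCP_LIMIT:
            verdicts.append("drop")
        elif off + 2 + declared > len(stream):
            verdicts.append("incomplete")   # body not fully captured yet
        else:
            verdicts.append("allow")
        off += 2 + declared
    return verdicts

# Constructed samples: a DNS header followed by zero padding (sizes only,
# not well-formed question/answer sections).
def sample(total_len, flags=0x8180):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0) + bytes(total_len - 12)

def frame(msg):
    return struct.pack("!H", len(msg)) + msg

if __name__ == "__main__":
    print(check_udp(sample(512)), check_udp(sample(513)))
    print(check_tcp(frame(sample(1024)) + frame(sample(2049)) + frame(sample(100))[:50]))
```

Replies over 512 bytes are legitimate when EDNS0 is in use, so running this over normal traffic first shows which valid answers (DNSSEC-signed ones, for example) the limits would also drop.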
