mDNSResponder contains multiple memory-based vulnerabilities
Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016

Overview
mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) – CVE-2015-7987
Improper bounds checking in “GetValueForIPv4Addr()”, “GetValueForMACAddr()”, “rfc3110_import()”, and “CopyNSEC3ResourceRecord()” functions may allow an attacker to read or write memory.CWE-476: NULL Pointer Dereference – CVE-2015-7988Improper input validation in “handle_regservice_request()” may allow an attacker to execute arbitrary code or cause a denial of service.Apple has also issued a security advisory for these issues.mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues.

The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an updatemDNSResponder 625.41.2 has been released to address these issues.

Affected users should update as soon as possible.

Vendor Information (Learn More)
Vendor
Status
Date Notified
Date Updated
Android Open Source Project
Affected
03 Nov 2015
27 Jan 2016
Apple
Affected
16 Oct 2015
23 Oct 2015
Arista Networks, Inc.
Not Affected
22 Jan 2016
15 Feb 2016
CoreOS
Not Affected
22 Jan 2016
25 Jan 2016
Debian GNU/Linux
Not Affected
23 Oct 2015
23 Oct 2015
Fedora Project
Not Affected
23 Oct 2015
22 Jan 2016
Infoblox
Not Affected
22 Jan 2016
25 Jan 2016
Intel Corporation
Not Affected
22 Jan 2016
25 Jan 2016
Red Hat, Inc.
Not Affected
23 Oct 2015
22 Jan 2016
ACCESS
Unknown
21 Mar 2016
21 Mar 2016
Alcatel-Lucent
Unknown
21 Mar 2016
21 Mar 2016
Arch Linux
Unknown
23 Oct 2015
23 Oct 2015
Aruba Networks
Unknown
21 Mar 2016
21 Mar 2016
AT&T
Unknown
21 Mar 2016
21 Mar 2016
Avaya, Inc.
Unknown
22 Jan 2016
22 Jan 2016
If you are a vendor and your product is affected, let us know.View More »CVSS Metrics (Learn More)
Group
Score
Vector
Base
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal
5.3
E:POC/RL:OF/RC:C
Environmental
4.0
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit
Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.
This document was written by Garret Wassermann.

Other Information
CVE IDs: CVE-2015-7987 CVE-2015-7988
Date Public: 20 Jun 2016
Date First Published: 20 Jun 2016
Date Last Updated: 20 Jun 2016
Document Revision: 82

Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply