Google exposed a critical flaw affecting major Linux distributions. The glibc flaw could have potentially led to remote code execution.

Linux users today are scrambling to patch a critical flaw in the core glibc open-source library that could be exposing systems to a remote code execution risk. The glibc vulnerability is identified as CVE-2015-7547 and is titled “getaddrinfo stack-based buffer overflow.” glibc, or the GNU C Library, is an open-source implementation of the C and C++ programming language libraries and is part of every major Linux distribution. Google engineers came across the CVE-2015-7547 issue when they were attempting to connect to a certain host system and a segmentation fault (segfault) occurred, causing the connection to crash. Further investigation revealed that glibc was at fault and that the flaw behind the crash could potentially lead to arbitrary remote code execution.

Read more at eWeek

Johan Louwers

Global Lead Architect at Capgemini
Johan Louwers is an Oracle ACE Director and works for the global Capgemini Infrastructure organisation where he leads the Oracle Architect Office as the lead architect.