Vulnerability Note VU#143335

mDNSResponder contains multiple memory-based vulnerabilities

Original Release date: 20 Jun 2016 | Last revised: 20 Jun 2016

Overview

mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference.

Description

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987

Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.

CWE-476: NULL Pointer Dereference - CVE-2015-7988

Improper input validation in "handle_regservice_request()" may allow an attacker to execute arbitrary code or cause a denial of service.

Apple has also issued a security advisory for these issues.

mDNSResponder-379.27 and later before mDNSResponder-625.41.2 are vulnerable to both issues. The CVSS score below is based on CVE-2015-7987.

Impact

A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.

Solution

Apply an update

mDNSResponder 625.41.2 has been released to address these issues. Affected users should update as soon as possible.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Android Open Source ProjectAffected03 Nov 201527 Jan 2016
AppleAffected16 Oct 201523 Oct 2015
Arista Networks, Inc.Not Affected22 Jan 201615 Feb 2016
CoreOSNot Affected22 Jan 201625 Jan 2016
Debian GNU/LinuxNot Affected23 Oct 201523 Oct 2015
Fedora ProjectNot Affected23 Oct 201522 Jan 2016
InfobloxNot Affected22 Jan 201625 Jan 2016
Intel CorporationNot Affected22 Jan 201625 Jan 2016
Red Hat, Inc.Not Affected23 Oct 201522 Jan 2016
ACCESSUnknown21 Mar 201621 Mar 2016
Alcatel-LucentUnknown21 Mar 201621 Mar 2016
Arch LinuxUnknown23 Oct 201523 Oct 2015
Aruba NetworksUnknown21 Mar 201621 Mar 2016
AT&TUnknown21 Mar 201621 Mar 2016
Avaya, Inc.Unknown22 Jan 201622 Jan 2016
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P
Temporal 5.3 E:POC/RL:OF/RC:C
Environmental 4.0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-7987 CVE-2015-7988
  • Date Public: 20 Jun 2016
  • Date First Published: 20 Jun 2016
  • Date Last Updated: 20 Jun 2016
  • Document Revision: 82

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.