CVE-2015-7547 and Windows DNS

Microsoft is aware of the CVE-2015-7547  Remote Execute Vulnerability for Linux in GNU C Library.  If we determine there is any impact to our devices and services, we’ll take the necessary action. Till now there is no known impact on Microsoft DNS clients.

Vulnerability Summary

The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. Successful exploitation could result in remote code execution.

Affected glibc versions:

GNU C Library version 2.20 or earlier.


Author : Kumar Ashutosh