CVE-2013-4357 – A buffer overflow vulnerability in eglibc's get... (How to Fix)

Q: What is the severity of CVE-2013-4357?

CVE-2013-4357 has a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in eglibc's getaddrinfo() function allows attackers to cause denial of service through specially crafted DNS responses. This affects systems using eglibc versions before 2.14 for DNS resolution.

📋 TL;DR

A buffer overflow vulnerability in eglibc's getaddrinfo() function allows attackers to cause denial of service through specially crafted DNS responses. This affects systems using eglibc versions before 2.14 for DNS resolution.

💻 Affected Systems

Products:

eglibc (Embedded GLIBC)

Versions: All versions before 2.14

Operating Systems: Linux distributions using eglibc (primarily embedded systems, some Debian/Ubuntu variants)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using eglibc rather than standard glibc. Many mainstream Linux distributions use glibc and are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, though this is theoretical and not demonstrated for this specific CVE.

🟠

Likely Case

Denial of service causing application crashes or system instability when processing malicious DNS responses.

🟢

If Mitigated

Limited impact with proper network segmentation and DNS filtering preventing malicious responses from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM - Systems performing DNS resolution from untrusted sources are vulnerable, but exploitation requires specific network conditions.

🏢 Internal Only: LOW - Internal systems typically resolve trusted DNS servers, reducing attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires ability to send malicious DNS responses to target system, typically through DNS poisoning or controlling DNS server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: eglibc 2.14 and later

Vendor Advisory: http://www.openwall.com/lists/oss-security/2013/09/17/4

Restart Required: Yes

Instructions:

1. Update eglibc package to version 2.14 or later using your distribution's package manager. 2. For Debian/Ubuntu: sudo apt-get update && sudo apt-get install eglibc. 3. Restart affected services or reboot system.

🔧 Temporary Workarounds

DNS Response Filtering

linux

Configure DNS servers to filter or validate responses before forwarding to clients

Network Segmentation

all

Isolate vulnerable systems from untrusted DNS sources

🧯 If You Can't Patch

Implement strict DNS server whitelisting to only allow trusted DNS servers
Deploy network monitoring for abnormal DNS response patterns and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check eglibc version: dpkg -l | grep eglibc or rpm -qa | grep eglibc. If version is earlier than 2.14, system is vulnerable.

Check Version:

dpkg -l | grep eglibc || rpm -qa | grep eglibc || ldd --version | head -1

Verify Fix Applied:

Verify eglibc version is 2.14 or later using same commands. Test DNS resolution functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

Application crashes related to DNS resolution
Segmentation faults in processes using getaddrinfo()
Abnormal DNS query patterns

Network Indicators:

Unusual DNS response sizes or patterns
DNS responses from unexpected sources

SIEM Query:

process:segfault AND (process_name:*dns* OR process_name:*network*) OR dns:response_size>threshold

📊 Metadata

CVE ID: CVE-2013-4357

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-120

Published: December 31, 2019

Last Updated: November 21, 2024

🔗 References

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html Issue Tracking,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/09/17/4 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/09/17/8 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/28/18 Exploit,Mailing List,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/29/21 Exploit,Mailing List,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/02/24/3 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/67992 Third Party Advisory,VDB Entry
http://www.ubuntu.com/usn/USN-2306-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2306-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-2306-3 Third Party Advisory
https://access.redhat.com/security/cve/cve-2013-4357 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357 Issue Tracking,Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357 Exploit,Issue Tracking,Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95103 Third Party Advisory,VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-4357 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html Issue Tracking,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/09/17/4 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2013/09/17/8 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/28/18 Exploit,Mailing List,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/29/21 Exploit,Mailing List,Patch,Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/02/24/3 Mailing List,Third Party Advisory
http://www.securityfocus.com/bid/67992 Third Party Advisory,VDB Entry
http://www.ubuntu.com/usn/USN-2306-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2306-2 Third Party Advisory
http://www.ubuntu.com/usn/USN-2306-3 Third Party Advisory
https://access.redhat.com/security/cve/cve-2013-4357 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357 Issue Tracking,Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357 Exploit,Issue Tracking,Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95103 Third Party Advisory,VDB Entry
https://security-tracker.debian.org/tracker/CVE-2013-4357 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-4357, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Debian Linux by Debian

Eglibc by Eglibc

Fedora by Fedoraproject

Fedora by Fedoraproject

Suse Linux Enterprise Server by Novell

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

Ubuntu Linux by Canonical

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

DNS Response Filtering

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities