VYPR
Unrated severity · NVD Advisory · Published Feb 24, 2015 · Updated May 6, 2026

CVE-2013-7423

Description

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

glibc's getaddrinfo() DNS resolution can send queries to unintended file descriptors under high load, causing information disclosure or data corruption.

Vulnerability

The send_dg function in resolv/res_send.c of GNU C Library (glibc) before version 2.20 does not properly reuse file descriptors when processing DNS queries [1][2]. Under a large number of requests that trigger getaddrinfo(), file descriptors may be closed or reassigned, causing subsequent DNS queries to be sent to unintended network sockets. This affects all glibc versions prior to 2.20, including those shipped in Red Hat Enterprise Linux 6 and Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS [1][4].

Exploitation

An attacker can exploit this flaw by sending a large number of requests that trigger calls to getaddrinfo() in an application using glibc. The application invokes send_dg to send the DNS queries; under load, send_dg may reuse a file descriptor that has already been closed or reassigned, sending the DNS query to an unintended recipient [1][4]. No special authentication or network position is required beyond the ability to trigger DNS resolution through the affected application [1].
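The bug class described above, a descriptor number kept after its socket was closed and then handed out again by the kernel, can be reproduced in isolation. The following is an added illustration, not glibc's code or its patch; `struct resolver`, `resolver_close` and `query_misrouted` are hypothetical names, and local AF_UNIX datagram socket pairs stand in for the DNS socket and for an unrelated socket in the same process.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical resolver state: 'sock' is the live socket, 'cached' is a
   second copy of the descriptor number kept for later I/O. */
struct resolver { int sock; int cached; };

static void resolver_close(struct resolver *r, int invalidate)
{
    close(r->sock);
    r->sock = -1;
    if (invalidate)
        r->cached = -1;   /* hardened: no stale number survives the close */
}

/* Returns 1 if the query reached the unrelated socket, 0 if the send was
   refused, -1 on setup failure. */
int query_misrouted(int invalidate)
{
    int dns[2], other[2], result = 0;
    char buf[16] = {0};

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, dns) != 0)
        return -1;
    struct resolver r = { dns[0], dns[0] };
    resolver_close(&r, invalidate);

    /* Unrelated code opens a socket; the kernel hands out the lowest free
       descriptor number, which is the one the resolver just closed. */
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, other) != 0) {
        close(dns[1]);
        return -1;
    }
    /* The resolver sends its query through the cached number. */
    if (r.cached >= 0 && send(r.cached, "query", 5, 0) == 5 &&
        recv(other[1], buf, sizeof buf - 1, MSG_DONTWAIT) == 5 &&
        strcmp(buf, "query") == 0)
        result = 1;       /* the query arrived at the wrong peer */

    close(dns[1]); close(other[0]); close(other[1]);
    return result;
}

int main(void)
{
    printf("stale copy kept:   misrouted=%d\n", query_misrouted(0));
    printf("copy invalidated:  misrouted=%d\n", query_misrouted(1));
    return 0;
}
```

In a multi-threaded process the same reuse happens whenever another thread opens a descriptor between the close and the next send, which is why the condition shows up under load.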

Impact

Successful exploitation may cause the application to send DNS queries to unintended locations, potentially leaking sensitive information or corrupting data received from the DNS response [1][4]. This can lead to denial of service in other applications or information disclosure [4]. The attacker does not gain code execution or elevated privileges directly; the impact is limited to the confidentiality and integrity of DNS-related data.

Mitigation

A patched glibc version (2.20 or later) is available. Red Hat released updates via RHSA-2015:0863 and RHSA-2016:1207 for Red Hat Enterprise Linux 6 and 7 respectively [1][2]. Ubuntu published USN-2519-1 fixing the issue for supported releases [4]. Users should update glibc to the fixed version provided by their distribution. No workarounds are documented in the available references.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14

References

11
