Security Experts:

Connect with us

Hi, what are you looking for?



VMware Products Affected by Critical glibc Flaw

A critical remote code execution vulnerability found in the GNU C Library (glibc) affects most Linux systems and many widely used products, including ones from VMware.

A critical remote code execution vulnerability found in the GNU C Library (glibc) affects most Linux systems and many widely used products, including ones from VMware.

VMware published an advisory on Monday to inform customers that the flaw, tracked as CVE-2015-7547, affects ESXi and several products that are shipped as a virtual appliance.

The vulnerability impacts ESXi 5.5 and 6.0 and all versions of VMware virtual appliances running on Linux, including vSphere, vCenter, vRealize, vCloud, Orchestrator, Workbench, and EUC Identity Manager, Identity Manager Connector and Access Point. Windows-based products and ESXi versions prior to 5.5 are not affected.

The vendor has released a patch, ESXi550-201602401-SG, to resolve the issue in ESXi 5.5, but a fix has yet to be released for ESXi 6.0. Patches and workarounds have been made available for affected VMware virtual appliances.

The glibc vulnerability, a stack-based buffer overflow related to the getaddrinfo() function, was first reported in July 2015 by Robert Holiday of Ciena. The issue, introduced in 2008 with the release of version 2.9, was later also discovered by a Google engineer. Experts at Google and Red Hat independently assessed the impact of the flaw and determined that it’s a serious issue that can lead to remote code execution.

“The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack,” Google said.

Further analysis conducted by security firm Qualys, Yahoo!, researcher Dan Kaminsky and others revealed that the bug is even more serious than initially reported.

“The glibc DNS bug (CVE-2015-7547) is unusually bad. Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend,” Kaminsky said. “This affects a universally used library (glibc) at a universally used protocol (DNS). Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe.”

Kaminsky compared this vulnerability to the GHOST bug found in glibc last year and noted that the latter was “fiddly” and had far more mitigating factors compared to CVE-2015-7547.

“Anyway one looks at it: this is critical and will only get worse in the next couple of weeks. Patch the glibc library in use as soon as possible,” Wolfgang Kandek, CTO of Qualys, warned. “The mitigations listed by Redhat in their article have the potential to interfere in normal DNS operations so they are only an option if you are certain of your DNS usage.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.