Accessibility Resource Center Skip to main content
Get up to $500 when you bring your phone. Plus, get the incredible iPhone 13 Pro on us. Online only. With select 5G Unlimited plans. Ends 12.5. Buy now
end of navigation menu

Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Reply
dlc_usa
Contributor
Contributor
Posts: 5
Registered: ‎02-17-2016

Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 1 of 8
(1,591 Views)

If so, is Verizon going to harden these units expeditiously?

7 REPLIES 7
CRobGauth
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 8,010
Registered: ‎11-04-2008

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 2 of 8
(1,579 Views)

Hard to say.

But this is a Linux bug. Not sure how that affects the router.


If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
dlc_usa
Contributor
Contributor
Posts: 5
Registered: ‎02-17-2016

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 3 of 8
(1,573 Views)

Most home routers are based on the Linux kernel (certainly the Actiontecs are) and usually use a lot of the GNU infrastructure, too.  The real question is are they using glibc or something else like uclibc.

dlc_usa
Contributor
Contributor
Posts: 5
Registered: ‎02-17-2016

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 4 of 8
(1,566 Views)

It may be possible to filter using iptable rules according to the announcement:

 

Mitigating factors for UDP include:
- A firewall that drops UDP DNS packets > 512 bytes.
Mitigating factors for TCP include:
- Limit all replies to 1024 bytes.

This should catch any serious stack overflowing cracking attempts.  If would good for Verizon to tell their customers how to implement such rules.  Of course, they could add such rules to their customer-facing routers as an alternative, I expect, but they should tell us if they are.

pa28pilot
Copper Contributor
Copper Contributor
Posts: 22
Registered: ‎06-21-2011

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 5 of 8
(1,519 Views)

The problem with those suggested mitigations is that they're essentially requiring the user to avoid any DNS resolvers that provide responses using the Extension Mechanisms for DNS, which translates to pretty much any of those that are useful for zones protected with DNSsec signatures.

 

It may be moot for many FiOS users, as it appears that VZ's name servers don't properly handle large replies right now anyway.  You can see for yourself if you check them with OARC's DNS Reply Size Test Server.

 

So basically the user's choice is to either use resolvers that allow zones to be spoofed or to use resolvers that might send an answer that overflows a buffer. 

dlc_usa
Contributor
Contributor
Posts: 5
Registered: ‎02-17-2016

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 6 of 8
(1,513 Views)

Dang.  Well, maybe Verizon will chime in here.  Thank you, Cherokee commander.

tns2
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 4,437
Registered: ‎12-16-2012

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 7 of 8
(1,433 Views)

Verizon will never chime in.

dlc_usa
Contributor
Contributor
Posts: 5
Registered: ‎02-17-2016

Re: Are Verizon customer routers vunerable to the glibc bug (CVE-2015-7547)?

Message 8 of 8
(1,415 Views)

I was given the number for expert service to inquire if glibc is deployed, but I'm not certain it's worth the time.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Have a spare Fios-G1100?Learn how to bridge it into your network
Get Started


Covid19

Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.
Modal Dialogue Title