[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Leon Weber leon at leonweber.de
Wed Feb 17 10:45:30 UTC 2016


On 16.02.2016 22:29:22, Florian Weimer wrote:
> * Tony Finch:
> > Technical analysis and patch:
> >
> >  https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
>
> I'm happy to answer technical questions and clarify our analysis.

Thanks for your efforts in researching this issue and getting it fixed.

Are you or anyone else aware of further research whether an attacker
could penetrate the major caching resolver implementations?  Thinking
about popular choices like bind, unbound, pdns_recursor and others.

    -- Leon.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160217/054b1f80/attachment.sig>


More information about the dns-operations mailing list