[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
Tony Finch
dot at dotat.at
Wed Feb 17 11:27:45 UTC 2016
Florian Weimer <fw at deneb.enyo.de> wrote:
>
> But it's certainly true there aren't any good network-side mitigation
> options.
It might be reasonable to limit the size of A and AAAA RRsets to somewhat
less than 2KB :-) But right now it's easier (with the software I'm
running) to fix glibc than add the necessary nameserver feature :-/
2KB is uncomfortably small for other RRsets - .gdn and .hiv have DNSKEY
RRsets which produce message sizes larger than 2KB.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Fitzroy, Sole: Southwesterly at first in southeast, otherwise northwesterly, 5
to 7 increasing gale 8 at times. Rough or very rough, occasionally high later
in northwest. Rain or showers. Good, occasionally poor.
More information about the dns-operations
mailing list