[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
bert hubert
bert.hubert at powerdns.com
Wed Feb 17 13:13:00 UTC 2016
On Wed, Feb 17, 2016 at 01:14:00PM +0100, Ralf Weber wrote:
> > It might be reasonable to limit the size of A and AAAA RRsets to somewhat
> > less than 2KB :-) But right now it's easier (with the software I'm
> > running) to fix glibc than add the necessary nameserver feature :-/
> It all depends of the software you are using ;-). And while it is possible
> to implement such a policy with our (Nominum) software and possibly others
PowerDNS has provided a script which we will continue to update as we learn
more:
http://blog.powerdns.com/2016/02/17/powerdns-cve-2015-7547-possible-mitigation/
Of course we are with Ralf that anyone should be updating their C
libraries as soon as possible. But otherwise, there is this script.
Bert
More information about the dns-operations
mailing list