[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
fw at deneb.enyo.de
Wed Feb 17 17:50:35 UTC 2016
* Leon Weber:
> Are you or anyone else aware of further research whether an attacker
> could penetrate the major caching resolver implementations?
I'm hesistant to name specific implementations publicly (because it
could be construed as blaming glibc's exposure on them). But we have
encountered one implementation which does close TCP connections
without sending responses in an overload situation.
The relevant TCP behavior is hop-by-hop, and as such it is influenced
by middleboxes and their connection and state management. This makes
it difficult to make accurate statements without detailed knowledge of
the network of interest.
More information about the dns-operations