[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Robert Edmonds edmonds at mycre.ws
Wed Feb 17 18:50:32 UTC 2016


Florian Weimer wrote:
> * Stephane Bortzmeyer:
> 
> > On Tue, Feb 16, 2016 at 03:49:18PM +0000,
> >  Tony Finch <dot at dotat.at> wrote 
> >  a message of 41 lines which said:
> >
> >> Technical analysis and patch:
> >> 
> >>  https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
> >
> > And a lot of stupid advice (limiting answers to 512 bytes in the
> > firewall),
> 
> Which is fine for a default configuration because the glibc stub
> resolver does not enable EDNS0, so a compliant recursor will not send
> larger responses anyway.

There is some speculation that this isn't exploitable in default
configurations [0] or that disabling EDNS0 on the server side can
mitigate the problem [1]. This is not the case, right? The vulnerable
code can still be reached via TCP?

Is Unbound's "msg-buffer-size: 2047" an effective workaround? :-) :-(

[0] https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/b7kGcW7Qcpx

[1] https://lists.isc.org/pipermail/bind-users/2016-February/096301.html

-- 
Robert Edmonds


