[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
Robert Edmonds
edmonds at mycre.ws
Wed Feb 17 18:50:32 UTC 2016
Florian Weimer wrote:
> * Stephane Bortzmeyer:
>
> > On Tue, Feb 16, 2016 at 03:49:18PM +0000,
> > Tony Finch <dot at dotat.at> wrote
> > a message of 41 lines which said:
> >
> >> Technical analysis and patch:
> >>
> >> https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
> >
> > And a lot of stupid advice (limiting answers to 512 bytes in the
> > firewall),
>
> Which is fine for a default configuration because the glibc stub
> resolver does not enable EDNS0, so a compliant recursor will not send
> larger responses anyway.

There is some speculation that this isn't exploitable in default
configurations [0] or that disabling EDNS0 on the server side can
mitigate the problem [1]. This is not the case, right? The vulnerable
code can still be reached via TCP?

Is Unbound's "msg-buffer-size: 2047" an effective workaround? :-) :-(

[0] https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/b7kGcW7Qcpx
[1] https://lists.isc.org/pipermail/bind-users/2016-February/096301.html

--
Robert Edmonds
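
Added example, not part of the original message and not glibc or Unbound code: the thread contrasts the 512-byte UDP ceiling with TCP, where each DNS message is framed by a 2-byte length prefix (RFC 1035) and is not bounded by whether EDNS0 is in use. The Python below audits captured responses against the two sizes mentioned above; the sample messages, function names and finding labels are constructed for illustration.

```python
import struct

UDP_LIMIT = 512    # non-EDNS0 UDP ceiling (the firewall limit discussed above)
MSG_LIMIT = 2047   # the Unbound msg-buffer-size value asked about above
TC_BIT = 0x0200    # header flag: truncated, client should retry over TCP


def make_response(txid, size, truncated=False):
    """Constructed sample: 12-byte DNS header padded to `size` bytes."""
    flags = 0x8000 | (TC_BIT if truncated else 0)  # QR=1 marks a response
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0).ljust(size, b"\x00")


def split_tcp_stream(stream):
    """Split a DNS-over-TCP byte stream on its 2-byte length prefixes."""
    messages, offset = [], 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, offset)
        end = offset + 2 + length
        if end > len(stream):
            break  # incomplete trailing message, wait for more data
        messages.append(stream[offset + 2:end])
        offset = end
    return messages


def audit(message, transport):
    """Return size findings for one response; labels are hypothetical."""
    findings = []
    if len(message) < 12:
        return ["short-header"]
    _, flags = struct.unpack_from("!HH", message)
    if flags & TC_BIT:
        findings.append("tc-set-expect-tcp-retry")
    if transport == "udp" and len(message) > UDP_LIMIT:
        findings.append("udp-over-512")
    if len(message) > MSG_LIMIT:
        findings.append("over-2047")
    return findings


if __name__ == "__main__":
    udp = make_response(1, 512, truncated=True)
    tcp_stream = b"".join(
        struct.pack("!H", len(m)) + m
        for m in (make_response(1, 300), make_response(2, 3000))
    )
    print("udp", len(udp), audit(udp, "udp"))
    for m in split_tcp_stream(tcp_stream):
        print("tcp", len(m), audit(m, "tcp"))
```

A 512-byte UDP reply with TC set passes the UDP size check yet signals a TCP retry, and the 3000-byte TCP message is the only one flagged against the 2047-byte limit.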