[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Robert Edmonds edmonds at mycre.ws
Wed Feb 17 21:12:55 UTC 2016


Florian Weimer wrote:
> I'm happy to answer technical questions and clarify our analysis.

getaddrinfo() has been blamed a lot (e.g. VU#457759: "The getaddrinfo()
function allows a buffer overflow condition in which arbitrary code may
be executed"), but is it correct that the vulnerable code was actually
in glibc's libresolv and not the "front end" getaddrinfo() code? (It
looks like the fixes to nss_dns were cleanups to make testing more
deterministic.)

That is, the vulnerable version of glibc could be safely used with an
alternative 'hosts' NSS module, because the vulnerable code would never
be reached? (Not that I am proposing this as a workaround.)

--
Robert Edmonds


