[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
damian at google.com
Tue Feb 23 18:20:53 UTC 2016
On Tue, Feb 23, 2016 at 10:01 AM, Mike Hoskins (michoski) <
michoski at cisco.com> wrote:
> Just in case anyone's wondering, OpenDNS isn't affected.
They're not directly vulnerable, but their claim that they protect their
users is a bit over-stated -- all RFC-compliant DNS servers provide the
same protections (not forwarding packets that don't follow the DNS spec).
The problem is that there *might* be a way to exploit this via
RFC-compliant DNS packets (I'm personally not convinced, but nobody wants
to claim it's impossible). And that would get past their defenses (and
Additionally, anyone using a remote resolver is vulnerable to a MitM
injecting a malicious response, so everyone should upgrade. Claims that
OpenDNS users "aren't affected" are misleading and dangerous.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations