[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Mukund Sivaraman muks at isc.org
Tue Feb 23 20:43:09 UTC 2016

Hi Robert

On Tue, Feb 23, 2016 at 03:34:38PM -0500, Robert Edmonds wrote:
> Mukund Sivaraman wrote:
> > Assuming the 2nd message overflows on the stack and overwrites the
> > return address suitably,
> Once the attacker controls the instruction pointer, it's game over.

The message would need a payload of malicious instructions (the exploit)
to execute. Ways to get that past a caching resolver is what was

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160224/74bf4b0f/attachment.sig>

More information about the dns-operations mailing list