[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow
muks at isc.org
Tue Feb 23 20:43:09 UTC 2016
On Tue, Feb 23, 2016 at 03:34:38PM -0500, Robert Edmonds wrote:
> Mukund Sivaraman wrote:
> > Assuming the 2nd message overflows on the stack and overwrites the
> > return address suitably,
> Once the attacker controls the instruction pointer, it's game over.
The message would need a payload of malicious instructions (the exploit)
to execute. Ways to get that past a caching resolver is what was
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
More information about the dns-operations