[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

George Michaelson ggm at apnic.net
Tue Feb 23 20:41:45 UTC 2016


possibly silly Q. apologies if this is well understood and covered.

given [client] -> [resolver A] -> [resolver B] -> [resolver C] -> [authority]

who gets broken into and why?

given [client] -> [8.8.8.8] -> [authority]

who gets broken into and why?

[client] is assumed to be { [client], [client] -> [NAT/Router DNS agent] }

-G

On 24 February 2016 at 09:34, Robert Edmonds <edmonds at mycre.ws> wrote:

> Mukund Sivaraman wrote:
> > Assuming the 2nd message overflows on the stack and overwrites the
> > return address suitably,
>
> Once the attacker controls the instruction pointer, it's game over.
>
> --
> Robert Edmonds
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>