[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

George Michaelson ggm at apnic.net
Tue Feb 23 20:42:50 UTC 2016


Second order Q:

If the question OR answer is cached, is there a multiplying factor for
other [client]?

On 24 February 2016 at 09:41, George Michaelson <ggm at apnic.net> wrote:

> Possibly silly Q. Apologies if this is well understood and covered.
>
> given [client] -> [resolver A] -> [resolver B] -> [resolver C] -> [authority]
>
> who gets broken into and why?
>
> given [client] -> [8.8.8.8] -> [authority]
>
> who gets broken into and why?
>
> [client] is assumed to be { [client], [client] -> [NAT/Router DNS agent] }
>
> -G
>
> On 24 February 2016 at 09:34, Robert Edmonds <edmonds at mycre.ws> wrote:
>
>> Mukund Sivaraman wrote:
>> > Assuming the 2nd message overflows on the stack and overwrites the
>> > return address suitably,
>>
>> Once the attacker controls the instruction pointer, it's game over.
>>
>> --
>> Robert Edmonds
>
>