[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

Mark Jeftovic markjr at easydns.com
Fri Mar 4 14:20:41 UTC 2016

Has this bug been given some cool name like "heartbleed" or "poodle" or
does that happen if an actual exploit surfaces?

I'm doing a blog post for O'Reilly on this and it might be fun to dub it
with a name if it hasn't been done so already.

On 2016-02-23 3:42 PM, Florian Weimer wrote:
> * Brian Hartvigsen:
>> (For me this is also an issue with the disclosure, we want to protect
>> people from being exploited obviously, but the initial posting didn’t
>> give a ton of information on what an actual attack could/would look
>> like.
> We were pretty sure that there was no effective recursor-side
> mitigation of unknown attacks, without resorting to
> non-protocol-compliant hacks.  This has not changed.
> I expect that it will be relatively straightforward to filter concrete
> attacks (if they ever happen), with the usual whack-a-mole approach,
> as they pass through the DNS hierarchy.  Of course, this does not
> apply to exploitation by on-path or blind-spoofing attackers,
> bypassing the DNS hierarchy.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Mark Jeftovic, Founder & CEO, easyDNS Technologies Inc.
Company Website: http://easydns.com
Read my blog: http://markable.com
+1-416-535-8672 ext 225

More information about the dns-operations mailing list