A remote code execution vulnerability in glibc

by
corbet
from LWN.net on (#144GR)
The Google Online Security Blog disclosesa security issue in the GNU C library; a fix, workarounds, and aproof-of-concept exploit are all provided. "The glibc DNS client side resolver is vulnerableto a stack-based buffer overflow when the getaddrinfo() library function isused. Software using this function may be exploited withattacker-controlled domain names, attacker-controlled DNS servers, orthrough a man-in-the-middle attack."

See also: the glibcadvisory for this issue.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments