Date: Wed, 03 Apr 2013 17:07:58 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: glibc getaddrinfo() stack overflow

On 04/03/2013 04:55 PM, Sebastian Krahmer wrote:

> glibc resolver surprisingly seems to accept indeed larger
> UDP packets than DNS servers would send without EDNS0.
> But depending on setup it's probably hard to get such large
> packets through your local recursive DNS, not to speak
> about the firewall. Maybe it's possible to signal truncation
> and force a TCP connect?

Yes, this is with the TCP transport. With a suitably prepared zone, I
can get up to

$ getent hosts ... | wc -l
4093

A records (over DNS, just to be clear).

--
Florian Weimer / Red Hat Product Security Team