Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST)
From: cve-assign@...re.org
To: Hanno Böck <hanno@...eck.de>
cc: OSS Security <oss-security@...ts.openwall.com>, cve-assign@...re.org
Subject: Re: the other glibc issue


On Wed, 28 Jan 2015, Hanno Böck wrote:

> Hi,
>
> Not sure why solardesigner didn't post this himself, but he tweetet
> yesterday:
> glibc "getaddrinfo() writes DNS queries to random file descriptors
> under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946
> … "Fixed in 2.20", reopened, CVE?
>
> The corresponding bug title says most of it. It's supposed to be fixed
> in glibc 2.20, however there is a comment saying it is not.
>
> cu,
> -- 
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42

Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC 
stating: "Under high load, getaddrinfo() starts sending DNS queries to 
random file descriptors, e.g. some unrelated socket connected to a remote 
service."

Which comment says that the issue is unfixed?  The 2015-01-08 14:21:11 UTC 
comment by David Nilsson says "I'm unable to reproduce the correct 
behaviour," but does not suggest that the vulnerability is still present.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ