Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST) From: cve-assign@...re.org To: Hanno Böck <hanno@...eck.de> cc: OSS Security <oss-security@...ts.openwall.com>, cve-assign@...re.org Subject: Re: the other glibc issue On Wed, 28 Jan 2015, Hanno Böck wrote: > Hi, > > Not sure why solardesigner didn't post this himself, but he tweetet > yesterday: > glibc "getaddrinfo() writes DNS queries to random file descriptors > under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946 > … "Fixed in 2.20", reopened, CVE? > > The corresponding bug title says most of it. It's supposed to be fixed > in glibc 2.20, however there is a comment saying it is not. > > cu, > -- > Hanno Böck > http://hboeck.de/ > > mail/jabber: hanno@...eck.de > GPG: BBB51E42 Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC stating: "Under high load, getaddrinfo() starts sending DNS queries to random file descriptors, e.g. some unrelated socket connected to a remote service." Which comment says that the issue is unfixed? The 2015-01-08 14:21:11 UTC comment by David Nilsson says "I'm unable to reproduce the correct behaviour," but does not suggest that the vulnerability is still present. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ