Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Apr 2015 23:02:24 +0200
From: Laurent Bercot <>
Subject: Re: Re: Security advisory for musl libc - stack-based buffer
 overflow in ipv6 literal parsing [CVE-2015-1817]

On 18/04/2015 21:56, Rich Felker wrote:
> 74177   IN A
> I don't see any CNAMEs involved. Can you show me where the CNAME is
> coming from?

  There must be something poisoning caches somewhere, or you changed
something recently.
  Initially, here's what I had in my cache:

$ s6-dnsqr a
74 bytes, 1+2+0+0 records, response, rd, ra, noerror
query: 1
answer: 76356 CNAME
answer: 76356 A

  Then I flushed my cache, and I got the correct result:

$ s6-dnsqr a
49 bytes, 1+1+0+0 records, response, rd, ra, noerror
query: 1
answer: 86400 A

  I have no idea how the CNAME made it into my cache in the first
place. The .cx nameservers all correctly delegate without answering.
But since Harald saw the same thing as I did, I think it warrants
further investigation.

  (It's DNS, so it sucks. That's to be expected.)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.