Date: Thu, 19 Oct 2017 21:25:47 -0400 From: Rich Felker <dalias@...c.org> To: oss-security@...ts.openwall.com Cc: Felix Wilhelm <fwilhelm@...gle.com>, musl@...ts.openwall.com Subject: Re: [oss-security] CVE request: musl libc 1.1.16 and earlier dns buffer overflow On Thu, Oct 19, 2017 at 04:17:57PM -0400, Rich Felker wrote: > Felix Wilhelm has discovered a flaw in the dns response parsing for > musl libc 1.1.16 that leads to overflow of a stack-based buffer. > Earlier versions are also affected. > > When an application makes a request via getaddrinfo for both IPv4 and > IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the > nameservers configured in resolv.conf can reply to both the A and AAAA > queries with A results. Since A records are smaller than AAAA records, > it's possible to fit more addresses than the precomputed bound, and a > buffer overflow occurs. > > Users are advised to upgrade to 1.1.17 or patch; the patch is simple > and should apply cleanly to all recent versions: > > https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 > > Users who cannot patch or upgrade immediately can mitigate the issue > by running a caching nameserver on localhost and pointing resolv.conf > to 127.0.0.1. CVE-2017-15650 has been assigned for this issue. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.