Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST)
From: cve-assign@...re.org
To: Hanno Böck <hanno@...eck.de>
cc: OSS Security <oss-security@...ts.openwall.com>, cve-assign@...re.org
Subject: Re: the other glibc issue


On Wed, 28 Jan 2015, Hanno Böck wrote:

> Hi,
>
> Not sure why solardesigner didn't post this himself, but he tweetet
> yesterday:
> glibc "getaddrinfo() writes DNS queries to random file descriptors
> under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946
> … "Fixed in 2.20", reopened, CVE?
>
> The corresponding bug title says most of it. It's supposed to be fixed
> in glibc 2.20, however there is a comment saying it is not.
>
> cu,
> -- 
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42

Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC 
stating: "Under high load, getaddrinfo() starts sending DNS queries to 
random file descriptors, e.g. some unrelated socket connected to a remote 
service."

Which comment says that the issue is unfixed?  The 2015-01-08 14:21:11 UTC 
comment by David Nilsson says "I'm unable to reproduce the correct 
behaviour," but does not suggest that the vulnerability is still present.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.