Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 3 Feb 2015 03:15:48 -0800
From: Qualys Security Advisory <>
Subject: Re: workaround for GHOST glibc vulnerability

On Tue, Feb 03, 2015 at 11:30:13AM +0100, Florian Weimer wrote:
> Why don't you hook gethostbyname?  I'm not sure if gethosybyname is
> implement in terms of gethostbyname_r.  (The call stacks I have suggest
> it isn't.)

Actually, gethostbyname() calls gethostbyname_r(), but before it does,
it calls the vulnerable function __nss_hostname_digits_dots(), so you're
right, this would still be exploitable.

With best regards,

the Qualys Security Advisory team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.