Date: Tue, 3 Feb 2015 03:15:48 -0800 From: Qualys Security Advisory <qsa@...lys.com> To: oss-security@...ts.openwall.com Cc: const@...elinux.com Subject: Re: workaround for GHOST glibc vulnerability CVE-2015-0235 On Tue, Feb 03, 2015 at 11:30:13AM +0100, Florian Weimer wrote: > Why don't you hook gethostbyname? I'm not sure if gethosybyname is > implement in terms of gethostbyname_r. (The call stacks I have suggest > it isn't.) Actually, gethostbyname() calls gethostbyname_r(), but before it does, it calls the vulnerable function __nss_hostname_digits_dots(), so you're right, this would still be exploitable. With best regards, -- the Qualys Security Advisory team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.