[BBLISA] FYI, glibc resolver vulnerability, patch and reboot asap
Bill Bogstad
bogstad at pobox.com
Wed Jan 28 02:54:36 EST 2015
On Wed, Jan 28, 2015 at 5:11 AM, Rob Taylor <rgt at wi.mit.edu> wrote:
> https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
I wonder if any systems are still doing HOSTNAME, IP address
comparisons for "security
purposes".
Possible scenario:
1. Client connects to server.
2. Server does reverse lookup of IP address of client to get hostname
(and gets BADNAME)
3. Server looks up BADNAME to get its IP address (and gets rooted)
The above depends on whether BADNAME can actually be served by a DNS
server. Don't know myself.
Bill Bogstad
More information about the bblisa
mailing list