Glibc getaddrinfo stack-based buffer overflow

  • #10128
    Britgirl
    Keymaster

    The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. A remote attacker could create a specially crafted DNS response causing libresolv to crash or, potentially, execute code with the permissions of the user running the library.

    Investigations show that the vulnerability was introduced in May 2008 as part of glibc 2.9. To mitigate the risk of an attack, it is strongly recommended that Linux users update glibc.

    https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html

    Glibc is not shipped with NoMachine packages, but NoMachine makes use of this library, which is provided by the Linux distribution. NoMachine advises all users to update their Linux OS, or contact their provider for more information. Windows and Mac are not affected.
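
A post-update check, added here as an example and not part of the original post or of NoMachine's tooling: processes started before the glibc update keep the old library mapped until they are restarted, so the script below lists the ones that still need a restart. The function names and the sample maps lines are constructed, and the "(deleted)" heuristic assumes the package manager replaced the library file on disk rather than overwriting it in place.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still map
# the pre-update glibc. Function names and sample data are constructed.

# Read /proc/<pid>/maps text on stdin; print each libc/libresolv path whose
# backing file was replaced on disk (the kernel tags it "(deleted)").
stale_glibc_maps() {
    awk '
        # fields: address perms offset dev inode pathname [(deleted)]
        $NF == "(deleted)" && $6 ~ "/(libc|libresolv)[-.][^/]*$" {
            if (!seen[$6]++) print $6
        }'
}

# Constructed sample of one process's maps after a glibc package update.
sample_maps() {
    cat <<'EOF'
00400000-0040c000 r-xp 00000000 08:01 131 /usr/bin/exampled
7f10a0000000-7f10a01bb000 r-xp 00000000 08:01 1573 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f10a01bb000-7f10a03ba000 ---p 001bb000 08:01 1573 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f10a0400000-7f10a0414000 r-xp 00000000 08:01 1580 /lib/x86_64-linux-gnu/libresolv-2.19.so (deleted)
7f10a0600000-7f10a0609000 r-xp 00000000 08:01 1590 /lib/x86_64-linux-gnu/libcrypt-2.19.so (deleted)
7f10a0800000-7f10a0823000 r-xp 00000000 08:01 1601 /lib/x86_64-linux-gnu/ld-2.19.so
7ffd3c000000-7ffd3c021000 rw-p 00000000 00:00 0 [stack]
EOF
}

# Walk every readable /proc/<pid>/maps and report PID, name and stale paths.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        hits=$(stale_glibc_maps 2>/dev/null < "$maps") || continue
        [ -n "$hits" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" "$(echo "$hits" | tr '\n' ' ')"
    done
}

# Run the live scan only when asked: sh check.sh --scan (root sees all PIDs).
if [ "${1:-}" = "--scan" ]; then
    scan_running
fi
```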
