oss-sec mailing list archives
Re: the other glibc issue
From: cve-assign () mitre org
Date: Wed, 28 Jan 2015 13:17:40 -0500 (EST)
On Wed, 28 Jan 2015, Hanno B??ck wrote:
Hi, Not sure why solardesigner didn't post this himself, but he tweetet yesterday: glibc "getaddrinfo() writes DNS queries to random file descriptors under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946 ??? "Fixed in 2.20", reopened, CVE? The corresponding bug title says most of it. It's supposed to be fixed in glibc 2.20, however there is a comment saying it is not. cu, -- Hanno B??ck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC stating: "Under high load, getaddrinfo() starts sending DNS queries to random file descriptors, e.g. some unrelated socket connected to a remote service."
Which comment says that the issue is unfixed? The 2015-01-08 14:21:11 UTC comment by David Nilsson says "I'm unable to reproduce the correct behaviour," but does not suggest that the vulnerability is still present.
--- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- the other glibc issue Hanno Böck (Jan 28)
- Re: the other glibc issue cve-assign (Jan 28)
- Re: the other glibc issue Solar Designer (Jan 29)
- Re: the other glibc issue Rich Felker (Jan 30)
- Re: the other glibc issue Solar Designer (Jan 29)
- Re: the other glibc issue cve-assign (Jan 28)