CVE-2015-7547: getaddrinfo() stack-based buffer overflow

G.W. Haywood bind at
Wed Feb 17 18:09:18 UTC 2016

Hi there,

On Wed, 17 Feb 2016, Dominique Jullier wrote:

> Are they any thoughts around, how to handle yesterday's glibc
> vulnerability[1][2] from the side bind?

This is a glibc issue, not a bind issue.  It makes no sense to attempt
to fix the problem by modifying bind.  Firstly, bind is not the only
software which may call glibc's getaddrinfo() function in a way which
could permit exploitation, and secondly, a 'sticking plaster' fix is
likely to come unstuck anyway.

> Since it is a rather painful task in order to update all hosts ...

I fear that there's no alternative.



More information about the bind-users mailing list