CVE-2015-7547: getaddrinfo() stack-based buffer overflow
fw at deneb.enyo.de
Wed Feb 17 19:06:14 UTC 2016
* Ben Croswell:
> Cyber folks asked if there was any way for the DNS servers to "protect" the
> vulnerable clients.
> The only thing i could see from the explanation was disabling or limiting
> edns0 sizes. That is obviously not a long term option.
EDNS0 buffer sizes do not apply to TCP responses, so this is not an
effective mitigation, I'm afraid.
More information about the bind-users