CVE-2015-7547: getaddrinfo() stack-based buffer overflow
fw at deneb.enyo.de
Wed Feb 17 19:11:31 UTC 2016
* Alan Clegg:
> While I agree that the "major distributions" (and even the minor ones) are
> getting patches out, I'd like to point out something that Alan Cox posted
> over on G+:
> "You can upgrade all your servers but if that little cheapo plastic box on
> your network somewhere has a vulnerable post 2008 glibc and ever does DNS
> lookups chances are it's the equivalent of a trapdoor into your network."
glibc is usually considered way too bloated for use in embedded devices.
I'm sure there are some uses in this space, but glibc is probably not
a relevant player in this field.
That being said, there are apparently supported glibc ports to
Android, specifically for running mostly unported GNU/Linux
applications on top of Android devices (applications which do not work
with Android's native Bionic libc, which is not affected by this
More information about the bind-users