A remote code execution vulnerability in glibc
[Security] Posted Feb 16, 2016 15:32 UTC (Tue) by corbet
The Google Online Security Blog discloses
a security issue in the GNU C library; a fix, workarounds, and a
proof-of-concept exploit
are all provided. "The glibc DNS client side resolver is vulnerable
to a stack-based buffer overflow when the getaddrinfo() library function is
used. Software using this function may be exploited with
attacker-controlled domain names, attacker-controlled DNS servers, or
through a man-in-the-middle attack."
See also: the glibc advisory for this issue.