![]() We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet. What we are unsure of is whether an attacker anywhere on the Internet is similarly empowered, given only the trivial capacity to cause our systems to look up addresses inside their malicious domains. Who can exploit this vulnerability? We know unambiguously that an attacker directly on our networks can take over many systems running Linux. Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe. ![]() This affects a universally used library (glibc) at a universally used protocol (DNS). Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend. Wizards of the Coast.TL DR: The glibc DNS bug ( CVE-2015-7547) is unusually bad.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |