Author Topic: GlibC! Yaaaay! (Patch, now...)  (Read 404 times)

0 Members and 1 Guest are viewing this topic.

Tuoni

  • Gator
  • Posts: 3003
  • A programmer in a previous life
GlibC! Yaaaay! (Patch, now...)
« on: February 16, 2016, 02:20:52 pm »
Quote from: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
Researchers have discovered a potentially catastrophic flaw in one of the Internet's core building blocks that leaves hundreds or thousands of apps and hardware devices vulnerable to attacks that can take complete control over them.

The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, including those distributed with routers and other types of hardware. A function known as getaddrinfo() that performs domain-name lookups contains a buffer overflow bug that allows attackers to remotely execute malicious code. It can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers or when they're exposed to man-in-the-middle attacks where the adversary has the ability to monitor and manipulate data passing between a vulnerable device and the open Internet.

People have finally started looking at this stuff.  Expect far, far more where all of these have come from.