Message-ID: <20150417131008.GE17615@ucc.gu.uwa.edu.au>
Date: Fri, 17 Apr 2015 21:10:08 +0800
From: Matt Johnston <matt@....asn.au>
To: musl@...ts.openwall.com
Subject: Re: Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817]

Hi,

I think Dropbear probably is vulnerable to CVE-2015-1817
post-authentication. TCP forwarding requests will call
getaddrinfo()
https://secure.ucc.asn.au/hg/dropbear/file/cbd674d63cd4/dbutil.c#l415
(moved to netio.c in head, and PF_UNSPEC has been fixed to
AF_UNSPEC).

Pre-authentication should be OK, only getnameinfo() is
called (if that's enabled).

musl's network-facing DNS code seems a bit precarious with
pointer arithmetic?

Please CC replies, I'm not subscribed.

Cheers,
Matt