[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] GHOST vulnerability and Wget

From: Daniel Kahn Gillmor
Subject: Re: [Bug-wget] GHOST vulnerability and Wget
Date: Wed, 28 Jan 2015 12:01:00 -0500
User-agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)

On Wed 2015-01-28 07:11:06 -0500, Tim Ruehsen wrote:
> Meanwhile everybody knows about
> https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
> In short: gethostbyname* class functions have a vulnerability. Qualys made up 
> an exploit for Exim that sounds pretty bad.
> I had a (very quick) look at Wget and we are using gethostbyname()
> 1. in the case ENABLE_IPV6 is not set.
> 2. via gnulib getaddrinfo() which calls gethostbyname(). We use it in 
> host.c/lookup_host().
> From what I know, a prepared server may exploit this vulnerability in Wget as 
> well. Despite updating glibc, what can we do ? Is it worth to remove 
> gethostbyname() from Wget ? In this case we should not use gnulib getaddrinfo 
> function and replace it by calling getaddrinfo directly, with a fallback to 
> gnulib. And in case ENABLE_IPV6 is not set, we should replace gethostbyname() 
> by getaddrinfo().
> What do you think ?

I think the right thing to do is to update glibc, where the problem
resides :)

Replacing gethostbyname() with getaddrinfo() would be reasonable, but
mainly for forward-looking reasons, not to work around this specific


reply via email to

[Prev in Thread] Current Thread [Next in Thread]