Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
contingencies
on Jan 27, 2015
|
parent
|
context
|
favorite
| on:
CVE-2015-0235 – GHOST: glibc gethostbyname buffer ...
For immediate actions, maybe also set 'UseDNS no' in
/etc/ssh/sshd_config
and restart any public-facing ssh servers.
beagle3
on Jan 28, 2015
[–]
This is a good idea in general. However, every version of ssh that I could test (going back to Ubuntu 8.04) uses getaddrinfo() rather than gethostbyname() and is therefore safe.
beagle3
on Jan 28, 2015
|
parent
[–]
... or not necessarily safe, as people here claim that getaddrinfo() uses gethostbyname() under the covers.
"UseDNS no" in your sshd_config is a good idea in general.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
