Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

    Here is a list of potential targets that we investigated (they all call
    gethostbyname, one way or another), but to the best of our knowledge,
    the buffer overflow cannot be triggered in any of them:
    
    apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
    nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
    pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
    vsftpd, xinetd.
See "Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow" <http://seclists.org/oss-sec/2015/q1/283>.


nginx on most supporting platforms (`NGX_HAVE_GETADDRINFO && NGX_HAVE_INET6`) uses `getaddrinfo(3)`.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: