Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
* brian m. carlson:
> The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA
> 1605. Since the vast majority of network-using programs use glibc as a
> resolver, this vulnerability affects virtually any network-using
> program, hence the severity. libc6 should not be released without a fix
> for this problem.
>
> The vulnerability has been exposed:
>
> http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008
I fail to see how this attack has a chance to work against non-caching
stub resolvers like the GNU libc resolver.
However, we're working on a solution.
Reply to: