CVE-2008-1447 v. glibc
Bojan Smojver
bojan at rexursive.com
Wed Jul 9 04:20:54 UTC 2008
Jeffrey Ollie <jeff <at> ocjtech.us> writes:
> I think that the problem is mostly a server problem
According to this:
http://www.kb.cert.org/vuls/id/800113
It is not just a server problem:
"These caching resolvers are the most common target for attackers; however, stub
resolvers are also at risk."
[...]
"As mentioned above, stub resolvers are also vulnerable to these attacks. Stub
resolvers that will issue queries in response to attacker behavior, and may
receive packets from an attacker, should be patched. System administrators
should be alert for patches to client operating systems that implement port
randomization in the stub resolver."
AFAIK, glibc is stub resolver on Fedora, hence the question.
--
Bojan
More information about the fedora-devel-list
mailing list