Magnitude of glibc Vulnerability Coming To Light (threatpost.com)

Posted by timothy on Thursday February 18, 2016 @03:02AM from the low-level-errors dept.

msm1267 writes: The glibc vulnerability disclosed this week has some experts on edge because of how DNS can leveraged in exploits. Dan Kaminsky said that while man-in-the-middle attacks are one vector, it would appear that it's also possible to exploit the bug and attack most Linux servers via DNS caching-only servers. 'This would be substantially worse if it went through the caching ecosystem; 99 percent of attack vectors go through that system,' Kaminsky said. Glibc, or the GNU C library, is used by most flavors of Linux and also a number of popular web services and frameworks, giving attacks potentially massive horizontal scale. The major Linux distros have patched and pushed updates to servers; source code is also available for homegrown Linux builds.

3 of 139 comments (clear)

Min score:

Reason:

Sort:

That's what they get by Anonymous Coward · 2016-02-18 03:19 · Score: 5, Funny

For being glib about it. (ba dump)
1. Re:That's what they get by Anonymous Coward · 2016-02-18 03:25 · Score: 2, Funny
  
  I c what you did there.
Re:Too bad by Anonymous Coward · 2016-02-18 06:37 · Score: 4, Funny

Odd, I don't remember writing this.