Re: [Tails-dev] Is Tails affected by the CVE-2015-7547 glibc…

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mintrigeri at <-
M 
Delete this message

Reply to this message
Author: Jurre van Bergen
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Is Tails affected by the CVE-2015-7547 glibc getaddrinfo() vulnerability?
Hi,

This is an on-going investigation. Indeed, applications using the Tor
socks port for name resolution are not vulnerable for this attack.

An automated test was ran trying to determine (using the public proof of
concept) whether any application was vulnerable, so far, we're on the
safe side but were investigating a couple of applications which returned
an error.

Even if there was an evil exit node, it should be fine since
getaddrinfo() in torsocks resolves it through Tor on the SocksPort. In
addition, applications which are configured to use socks don't use
getaddrinfo() in this case since the resolving will go through Tor's
DNSPort.

We'll keep the mailinglist up-to-date on any progress regarding this matter.

Best,
Jurre

On 02/18/2016 11:34 AM, intrigeri wrote:
> Hi,
>
> my understanding is that clients that use Tor SOCKS port for name
> resolution are fine.
>
> For clients who use the DNSPort, it's not clear to me if an
> attacker-controlled payload can make it's way from the exit node being
> used for the name resolution to the client. Has anyone looked
> into this?
>
> Cheers,



This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Is Tails affected by the CVE-2015-7547 glibc getaddrinfo() vulnerability?Re: [Tails-dev] Hacking Team looking at Tails->
lists.autistici.org administrated by postmasterLurker (version 2.3)