2019-12-14 - 02:37:41 (UTC) Login
The Password Safe

CVE-2015-7547

This time two teams (one at Google and one at Red Hat) simultaneously detect a vulnerability in one of Linux' core components: glibc.

The case is documented as CVE-2015-7547 and to my surprise I havn't seen any catchy brand name or logo for this one.

The vulnerability can be exploited if an unpatched server resolved a host name and the attacker can send a malicious payload in the DNS response.

The good news here: The server running Passvault does not have any application that would do any requests to domain names provided from the outside. But I must admit that I considered building an anti-spam mechanism that would detect malicious attempts to brute force mail boxes and as a response gather some information on the originating server before blocking it. I guess I will think again. Note to myself: This mechanism will definitely not run on the servers where the brute force attempts take place.