Capture of recently discovered glibc getaddrinfo() vulnerability
1 min read
The folks at Google Security recently discovered a vulnerability in glibc’s getaddrinfo() library function, allowing attackers to execute malicious code transmitted in oversized DNS replies. Scary stuff!
Luckily, there’s already a patch, and the developers generated some proof of concept code to demonstrate the vulnerability. We took that code and ran it against some of our own systems. You can see a packet capture of the whole thing here: