[Bug-wget] GHOST vulnerability and Wget
From: Tim Ruehsen
Subject: [Bug-wget] GHOST vulnerability and Wget
Date: Wed, 28 Jan 2015 13:11:06 +0100
User-agent: KMail/4.14.2 (Linux/3.16.0-4-amd64; KDE/4.14.2; x86_64; ; )

Meanwhile everybody knows about
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

In short: gethostbyname* class functions have a vulnerability. Qualys made up
an exploit for Exim that sounds pretty bad.

I had a (very quick) look at Wget and we are using gethostbyname():

1. in the case ENABLE_IPV6 is not set.
2. via gnulib getaddrinfo() which calls gethostbyname(). We use it in
host.c/lookup_host().

From what I know, a prepared server may exploit this vulnerability in Wget as
well. Besides updating glibc, what can we do? Is it worth removing
gethostbyname() from Wget? In this case we should not use the gnulib getaddrinfo
function and replace it by calling getaddrinfo directly, with a fallback to
gnulib. And in case ENABLE_IPV6 is not set, we should replace gethostbyname()
by getaddrinfo().

What do you think?

Tim
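
The replacement proposed in the message, shown as an added example that is not part of the original post and is not Wget's code: an IPv4-only lookup that calls the system getaddrinfo() directly instead of gethostbyname(). The names lookup_ipv4 and MAX_HOSTNAME_LEN are hypothetical, and the length check is an added defensive assumption, not something the message asks for.

```c
/* Added example: IPv4-only lookup through getaddrinfo() instead of
 * gethostbyname(). lookup_ipv4() and MAX_HOSTNAME_LEN are hypothetical
 * names, not taken from Wget's host.c. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define MAX_HOSTNAME_LEN 253   /* longest DNS name in textual form */

/* Resolve host to at most max IPv4 addresses stored in out[].
 * Returns the number of addresses written, or -1 on failure. */
int lookup_ipv4(const char *host, struct in_addr *out, int max)
{
    struct addrinfo hints, *res, *p;
    int n = 0;

    /* Bound the name before it reaches the resolver (added assumption). */
    if (!host || !out || max <= 0) return -1;
    size_t len = strlen(host);
    if (len == 0 || len > MAX_HOSTNAME_LEN) return -1;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;        /* same scope as a build without ENABLE_IPV6 */
    hints.ai_socktype = SOCK_STREAM;  /* one entry per address, not per socket type */

    if (getaddrinfo(host, NULL, &hints, &res) != 0) return -1;

    for (p = res; p && n < max; p = p->ai_next)
        out[n++] = ((struct sockaddr_in *)p->ai_addr)->sin_addr;

    freeaddrinfo(res);
    return n > 0 ? n : -1;
}

int main(int argc, char **argv)
{
    struct in_addr addrs[8];
    char buf[INET_ADDRSTRLEN];
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";
    int n = lookup_ipv4(host, addrs, 8);
    if (n < 0) { fprintf(stderr, "lookup failed: %s\n", host); return 1; }
    for (int i = 0; i < n; i++)
        printf("%s\n", inet_ntop(AF_INET, &addrs[i], buf, sizeof buf));
    return 0;
}
```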