The Staff Security Engineer in this article (Serna) from Google filed a ticket to their supervisor (Stadmeyer) and they spent a good deal of time trying to figure out exactly why their SSH client went faulty before it connected to their host. They worked on an in-depth analysis of the bug, took a few cracks at hacking it, and eventually exploited the bug into working order.
Through their through crack of the bug, they had learned that the maintainers caught the bug issue last year. Because they didn’t know if the crack had been patched yet, they took time to try and figure out if there was any possible fix before searching the deeper web for more answers. Because the hack was such a sensitive and executable hack, they knew that they had to take more of an effort to control it. They worked through the investigation, patch creation, and testing phases before anyone else on the web had really explored fixing the issue.
If you’re facing this DNS client issue, the patch that they found is available here.
The issue was prevalent in all issues of glibc after version 2.9. While you should still update to prevent security vulnerabilities, the current version of glibc is vulnerable to what the coders call a “stack based buffer overload” when getaddrinfo () is used as a library function. When this happens, servers can be hacked through attacker controlled domains, as well as man-in-the-middle attacks.
Google suggests limiting the response to glibc by mitigating the response sizes that the DNS resolver accepts locally.
“When code crashes unexpectedly, it can be a sign of something much more significant than it appears,” writes Stadmeyer. “Ignore crashes at your peril!”
Leave a Reply