Re: the other glibc issue

[cve-assign () mitre org]

On Wed, 28 Jan 2015, Hanno B??ck wrote:

> Hi,
>
> Not sure why solardesigner didn't post this himself, but he tweetet
> yesterday:
> glibc "getaddrinfo() writes DNS queries to random file descriptors
> under high load" https://sourceware.org/bugzilla/show_bug.cgi?id=15946
> ??? "Fixed in 2.20", reopened, CVE?
>
> The corresponding bug title says most of it. It's supposed to be fixed
> in glibc 2.20, however there is a comment saying it is not.
>
> cu,
> --
> Hanno B??ck
> http://hboeck.de/
>
> mail/jabber: hanno () hboeck de
> GPG: BBB51E42

Use CVE-2013-7423 for ths initial bug report at 2013-09-12 09:50:17 UTC 
stating: "Under high load, getaddrinfo() starts sending DNS queries to 
random file descriptors, e.g. some unrelated socket connected to a remote 
service."

Which comment says that the issue is unfixed?  The 2015-01-08 14:21:11 UTC 
comment by David Nilsson says "I'm unable to reproduce the correct 
behaviour," but does not suggest that the vulnerability is still present.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]