A new vulnerability in glibc, CVE-2015-7547, was recently disclosed. The OpenDNS resolvers are not vulnerable to this potential exploit. Users of OpenDNS are protected from any malformed DNS responses, regardless of the source.
This vulnerability is a stack-based buffer overflow discovered in the getaddrinfo() function, which DNS clients use to make DNS queries, in versions of glibc prior to version 2.9. It only affects Linux-based operating systems; Windows and Mac OS X are unaffected. A malicious nameserver may be able to generate responses to queries for domains it controls that could trigger this vulnerability. At this point, no information has been released to indicate whether such a malicious response could be a well-formed DNS response or would need to be malformed in order to trigger the vulnerability.
For technical details regarding how OpenDNS protects against this vulnerability, please see the post on our Engineering blog:
https://engineering.opendns.com/2016/02/17/2980/
More details can be found here: https://engineering.opendns.com/2016/02/29/a-brief-history-of-opendnscache/