# Linux glibc vulnerability. This. Is. Sewious.

## FunkBuddha

Bug in the library Linux uses to resolve host names to IP addresses.

----------


## FunkBuddha

More Info

----------


## brandon

Cooool. I'd love to see how the remote code execution attack would actually work

----------


## timosman

Hope RPF will upgrade the server(s) tonight.

----------


## torchbearer

DNS and SMTP are the last protocols that need security updates.

----------


## FunkBuddha

Vulnerability in GNU glibc Affecting Cisco Products: February 2016

Looks like I'll be doing some code upgrades soon.

----------


## GunnyFreedom

There's work here, just lying on the ground waiting to be picked up.

----------


## Indy Vidual

Can Google be trusted?

----------


## FunkBuddha

> Can Google be trusted?


This has been independently verified. Right now, hackers (good and bad) are working on developing exploit code for this. If it isn't already in the wild, it will be soon enough.

----------


## CPUd

Should be up in Debian repos now:

> Changes for libc6:i386 versions:
> 
> Version 2.19-0ubuntu6.7: 
> 
>   * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
>     - debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
>       resolv/nss_dns/dns-host.c.
>     - debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
>       include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
> ...

----------
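
A quick way to tell whether a Debian/Ubuntu box already carries the fix quoted above, as an added example that is not from anyone in this thread. It assumes the fixed libc6 version is the 2.19-0ubuntu6.7 from the changelog (other releases have their own fixed versions, so adjust the constant), and uses dpkg's version comparison when available with a GNU sort -V fallback.

```shell
#!/bin/sh
# Added example: report whether the installed libc6 is at least the version
# carrying the CVE-2015-7547 getaddrinfo fix. Fixed version taken from the
# changelog quoted in the thread (Ubuntu 14.04 packaging); other releases
# use different version strings, so change this constant for them.
FIXED_LIBC6_VERSION="2.19-0ubuntu6.7"

# version_ge A B: succeed when Debian-style version A is >= B.
# Uses dpkg's comparison when present; otherwise GNU sort -V, which orders
# the simple 2.19-0ubuntu6.N strings used here correctly.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# installed_libc6_version: print the installed libc6 package version,
# or nothing on a system without dpkg-query.
installed_libc6_version() {
    dpkg-query -W -f '${Version}' libc6 2>/dev/null
}

# libc6_patched_status VERSION: print "patched" or "vulnerable" for a
# given version string, so the logic can be checked without root.
libc6_patched_status() {
    if version_ge "$1" "$FIXED_LIBC6_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

main() {
    v="$(installed_libc6_version)"
    if [ -z "$v" ]; then
        echo "libc6 not found via dpkg-query; consult your distro's advisory" >&2
        return 2
    fi
    echo "libc6 $v: $(libc6_patched_status "$v")"
}

# Run the live check only when invoked as: sh libc6-check.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

Note that this only covers the shared libc6 package; binaries statically linked against an older glibc, as mentioned later in the thread, are not detected by a package version check.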


## VIDEODROME

> Should be up in debian repos now:


Yeah, I wasn't sure if I need to look for the patch or if it will push through with my updates on Mint.

----------


## brandon

All the distros should auto push glibc fixes, but that won't address the millions of apps that have been statically linked against an older version.

----------


## FunkBuddha

If you can't patch and you're running iptables, this will drop any packet sourced from UDP port 53 (DNS) and greater than 1500 bytes.

sudo iptables -I INPUT -p udp --sport 53 -m length --length 1500:65535 -j DROP

----------


## timosman

> If you can't patch and you're running iptables, this will drop any packet sourced from UDP port 53 (DNS) and greater than 1500 bytes.
> 
> sudo iptables -I INPUT -p udp --sport 53 -m length --length 1500:65535 -j DROP


The exploit is usually delivered via TCP and is not affected by this rule.

----------

