Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #85178

Re: Ghost vulnerability

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed2.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.029
X-Spam-Evidence '*H*': 0.94; '*S*': 0.00; 'python:': 0.09; 'cc:addr :python-list': 0.11; 'anyways,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'range(0,': 0.16; 'wrote:': 0.18; 'wed,': 0.18; 'server,': 0.19; 'feb': 0.22; 'example': 0.22; 'import': 0.22; 'cc:addr:python.org': 0.22; 'cc:2**0': 0.24; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message- id:@mail.gmail.com': 0.30; 'ctypes': 0.31; 'though.': 0.31; 'test': 0.35; 'received:google.com': 0.35; 'disk': 0.36; 'skip:o 20': 0.38; 'more': 0.64; '2015': 0.84; 'vulnerable': 0.84; 'to:none': 0.92
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=EMGlD+p4a3+MzaCecuXVtOxqIt/U1ELXHBKjj3yZ7PE=; b=cz2B5hSoS5Sm6GzkbYHbPpTPTFeVACtvWpcnuCIx5ThGfoH0XWjMkFMBgA/Mc5AfjB DjCYd3spQf2zLE55YK6i74b+6xt7hPA1OPCXA0mvioRZNGmHeKB1TAIdgk57+kZavFdm 3l7ww8ju7bZk6nS7RG0HQ10079IU3bV8ZjqwCqCJMzuErKL85AyxaILAkJuGehOtAXiQ Fbjoh2VT4MQ5+CYP3GIUe7ojp28nS323qSDezfC97PxlFv+BJZaL0y/eosapLfB2x0he sFX/sXFeqIEHF1dyO+sVwckh33KuvE+JTebIKCxBjDOmUpTJGQnrL2BpwRU/2HqyoxM6 BxQA==
MIME-Version 1.0
X-Received by 10.42.95.12 with SMTP id d12mr26480085icn.12.1423001302080; Tue, 03 Feb 2015 14:08:22 -0800 (PST)
In-Reply-To <vg3r3u6pyyy.fsf@coffee.modeemi.fi>
References <75fe0f21-3ffb-4649-ad06-0dcbdad631fa@googlegroups.com> <vg3wq3zpbi9.fsf@coffee.modeemi.fi> <54d0aeb9$0$12994$c3e8da3$5496439d@news.astraweb.com> <vg3r3u6pyyy.fsf@coffee.modeemi.fi>
Date Wed, 4 Feb 2015 09:08:22 +1100
Subject Re: Ghost vulnerability
From Chris Angelico <rosuav@gmail.com>
Cc "python-list@python.org" <python-list@python.org>
Content-Type text/plain; charset=UTF-8
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.18444.1423001304.18130.python-list@python.org> (permalink)
Lines 14
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1423001304 news.xs4all.nl 2829 [2001:888:2000:d::a6]:48286
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:85178

Show key headers only | View raw


On Wed, Feb 4, 2015 at 6:38 AM, Anssi Saari <as@sci.fi> wrote:
> Anyways, here's an example calling gethostbyname directly in python:
>
> from ctypes import CDLL
> o = CDLL('libc.so.6')
> for i in range(0, 2500):
>     o.gethostbyname('0'*i)
>
> I don't have a vulnerable system to test on any more though.

That bombs on my internal disk server, which is said to be vulnerable
using the C implementation.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Ghost vulnerability Rustom Mody <rustompmody@gmail.com> - 2015-02-02 19:53 -0800
  Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-03 15:38 +1100
  Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 11:53 +0200
    Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-03 22:19 +1100
      Re: Ghost vulnerability Michael Torrie <torriem@gmail.com> - 2015-02-03 10:31 -0700
      Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 21:38 +0200
        Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-04 09:08 +1100
        Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-04 13:13 +1100
  Re: Ghost vulnerability Marc Aymerich <glicerinu@gmail.com> - 2015-02-03 18:47 +0100

csiph-web