Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #85169
| From | Anssi Saari <as@sci.fi> |
|---|---|
| Newsgroups | comp.lang.python |
| Subject | Re: Ghost vulnerability |
| Date | 2015-02-03 21:38 +0200 |
| Organization | An impatient and LOUD arachnid |
| Message-ID | <vg3r3u6pyyy.fsf@coffee.modeemi.fi> (permalink) |
| References | <75fe0f21-3ffb-4649-ad06-0dcbdad631fa@googlegroups.com> <vg3wq3zpbi9.fsf@coffee.modeemi.fi> <54d0aeb9$0$12994$c3e8da3$5496439d@news.astraweb.com> |
Steven D'Aprano <steve+comp.lang.python@pearwood.info> writes:
> Here's the one-liner:
>
> python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)'
>
>
> I think it is likely that y="0"*50000000 would segfault due to lack of
> memory on many machines. I wouldn't trust this as a test.
Hmm, how much RAM does that one-liner actually need? My router has 128
MB total RAM with about 90 MB free. So it can store the string once but
if it's copied with the gethostbyname call then it'll run out...
According to a Reddit thread
(http://www.reddit.com/r/Python/comments/2u7ghu/python_socketgethostbyname_is_not_affected_by/)
Python's socket.gethostbyname() doesn't actually even call the
gethostbyname function in glibc, it uses the newer getaddrinfo instead.
So it's a little unlikely to cause a segfault because of the Ghost vuln :)
Anyways, here's an example calling gethostbyname directly in python:
from ctypes import CDLL
o = CDLL('libc.so.6')
for i in range(0, 2500):
o.gethostbyname('0'*i)
I don't have a vulnerable system to test on any more though.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Ghost vulnerability Rustom Mody <rustompmody@gmail.com> - 2015-02-02 19:53 -0800
Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-03 15:38 +1100
Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 11:53 +0200
Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-03 22:19 +1100
Re: Ghost vulnerability Michael Torrie <torriem@gmail.com> - 2015-02-03 10:31 -0700
Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 21:38 +0200
Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-04 09:08 +1100
Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-04 13:13 +1100
Re: Ghost vulnerability Marc Aymerich <glicerinu@gmail.com> - 2015-02-03 18:47 +0100
csiph-web