Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #85169

Re: Ghost vulnerability

From Anssi Saari <as@sci.fi>
Newsgroups comp.lang.python
Subject Re: Ghost vulnerability
Date 2015-02-03 21:38 +0200
Organization An impatient and LOUD arachnid
Message-ID <vg3r3u6pyyy.fsf@coffee.modeemi.fi> (permalink)
References <75fe0f21-3ffb-4649-ad06-0dcbdad631fa@googlegroups.com> <vg3wq3zpbi9.fsf@coffee.modeemi.fi> <54d0aeb9$0$12994$c3e8da3$5496439d@news.astraweb.com>

Show all headers | View raw


Steven D'Aprano <steve+comp.lang.python@pearwood.info> writes:

> Here's the one-liner:
>
> python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)'
>
>
> I think it is likely that y="0"*50000000 would segfault due to lack of
> memory on many machines. I wouldn't trust this as a test.

Hmm, how much RAM does that one-liner actually need? My router has 128 
MB total RAM with about 90 MB free. So it can store the string once but
if it's copied with the gethostbyname call then it'll run out...

According to a Reddit thread
(http://www.reddit.com/r/Python/comments/2u7ghu/python_socketgethostbyname_is_not_affected_by/)
Python's socket.gethostbyname() doesn't actually even call the
gethostbyname function in glibc, it uses the newer getaddrinfo instead.
So it's a little unlikely to cause a segfault because of the Ghost vuln :)

Anyways, here's an example calling gethostbyname directly in python:

from ctypes import CDLL
o = CDLL('libc.so.6')
for i in range(0, 2500):
    o.gethostbyname('0'*i)

I don't have a vulnerable system to test on any more though.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Ghost vulnerability Rustom Mody <rustompmody@gmail.com> - 2015-02-02 19:53 -0800
  Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-03 15:38 +1100
  Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 11:53 +0200
    Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-03 22:19 +1100
      Re: Ghost vulnerability Michael Torrie <torriem@gmail.com> - 2015-02-03 10:31 -0700
      Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 21:38 +0200
        Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-04 09:08 +1100
        Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-04 13:13 +1100
  Re: Ghost vulnerability Marc Aymerich <glicerinu@gmail.com> - 2015-02-03 18:47 +0100

csiph-web