Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.lang.python > #85178

Re: Ghost vulnerability

References <75fe0f21-3ffb-4649-ad06-0dcbdad631fa@googlegroups.com> <vg3wq3zpbi9.fsf@coffee.modeemi.fi> <54d0aeb9$0$12994$c3e8da3$5496439d@news.astraweb.com> <vg3r3u6pyyy.fsf@coffee.modeemi.fi>
Date 2015-02-04 09:08 +1100
Subject Re: Ghost vulnerability
From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.18444.1423001304.18130.python-list@python.org> (permalink)

Show all headers | View raw


On Wed, Feb 4, 2015 at 6:38 AM, Anssi Saari <as@sci.fi> wrote:
> Anyways, here's an example calling gethostbyname directly in python:
>
> from ctypes import CDLL
> o = CDLL('libc.so.6')
> for i in range(0, 2500):
>     o.gethostbyname('0'*i)
>
> I don't have a vulnerable system to test on any more though.

That bombs on my internal disk server, which is said to be vulnerable
using the C implementation.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Ghost vulnerability Rustom Mody <rustompmody@gmail.com> - 2015-02-02 19:53 -0800
  Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-03 15:38 +1100
  Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 11:53 +0200
    Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-03 22:19 +1100
      Re: Ghost vulnerability Michael Torrie <torriem@gmail.com> - 2015-02-03 10:31 -0700
      Re: Ghost vulnerability Anssi Saari <as@sci.fi> - 2015-02-03 21:38 +0200
        Re: Ghost vulnerability Chris Angelico <rosuav@gmail.com> - 2015-02-04 09:08 +1100
        Re: Ghost vulnerability Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-02-04 13:13 +1100
  Re: Ghost vulnerability Marc Aymerich <glicerinu@gmail.com> - 2015-02-03 18:47 +0100

csiph-web