The Broadband Guide
search advanced
 forgot password?

Critical glibc bug puts a huge number of Linux machines and routers at risk

2016-02-17 12:19 by


Researchers have discovered a critical bug in the GNU C Library (glibc) that appears to be originally introduced in 2008 with version 2.9 of the library. Glibc is a collection of open source code that provides core functions across Linux. It powers thousands of applications and most Linux distributions, including many routers, firewalls and other types of network hardware.

More specifically, the discovered bug has to do with a buffer overflow in a function known as getaddrinfo() that performs DNS lookups. It can be exploited when vulnerable devices or software make DNS queries to attacker-controlled domains (or DNS servers), or when exposed to a man-in-the-middle attack.  All versions of glibc after 2.9 are vulnerable.

There has been a patch released for the vulnerability on 2016-02-16 here, however, it will be a long time before it can propagate to the majority of apps and distributions. There are some possible mitigations of the bug impact, including limiting DNS reply packet sizes.

Read more here:

Ars Technica article
The Hacker News article


  User Reviews/Comments:
by anonymous - 2016-02-21 15:50
Any know when ms plan to tackle this issue ? Since everything is Linus based somewhere along the way it would be nice if ms also patched somehow even if they aren't directly affected their customer are still affected indirectly. And with internet of things just around it will only get worst
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About