Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jerematasno
on Jan 28, 2015
|
parent
|
context
|
favorite
| on:
CVE-2015-0235 – GHOST: glibc gethostbyname buffer ...
It doesn't have to be internet accessible, AFAIK. If an attacker can get something to do arbitrary DNS lookups, I think it can be attacked. For instance, monitoring/log correlation software might be vulnerable.
NickNameNick
on Jan 28, 2015
[–]
If you have backend systems parsing XML, then an XXE[1] attack could trigger a DNS lookup, for example.
[1]
https://www.owasp.org/index.php/XML_External_Entity_%28XXE%2...
sarciszewski
on Jan 30, 2015
|
parent
[–]
Ooh, that could lead to some very interesting attack vectors. :D
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: