Subject: The ares_create_query security vulnerability

The ares_create_query security vulnerability

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 16 Oct 2016 00:46:47 +0200 (CEST)

Hi friends,

Just wanted to mention that the CVE-2016-5180 problem we fixed back on
September 29th in c-ares 1.12.0 played an important part in root code
execution exploit, and yesterday I blogged some details for those interested:

https://daniel.haxx.se/blog/2016/10/14/a-single-byte-write-opened-a-root-execution-exploit/

-- 
  / daniel.haxx.se

Received on 2016-10-16

This message: [ Message body ]
Next message: bch: "Re: The ares_create_query security vulnerability"
Previous message: Brad House via c-ares: "Re: [PATCH] Cmake-ify c-ares -- v2"
Next in thread: bch: "Re: The ares_create_query security vulnerability"
Reply: bch: "Re: The ares_create_query security vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]