Ghost vulnerability
Chris Angelico
rosuav at gmail.com
Tue Feb 3 17:08:22 EST 2015
On Wed, Feb 4, 2015 at 6:38 AM, Anssi Saari <as at sci.fi> wrote:
> Anyways, here's an example calling gethostbyname directly in python:
>
> from ctypes import CDLL
> o = CDLL('libc.so.6')
> for i in range(0, 2500):
> o.gethostbyname('0'*i)
>
> I don't have a vulnerable system to test on any more though.
That bombs on my internal disk server, which is said to be vulnerable
using the C implementation.
ChrisA
More information about the Python-list
mailing list