Ghost vulnerability
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Tue Feb 3 06:19:20 EST 2015
Anssi Saari wrote:
> Rustom Mody <rustompmody at gmail.com> writes:
>
>> How many people (actually machines) out here are vulnerable?
>>
>>
http://security.stackexchange.com/questions/80210/ghost-bug-is-there-a-simple-way-to-test-if-my-system-is-secure
>>
>> shows a python 1-liner to check
>
> Does that check actually work for anyone? That code didn't segfalt on my
> vulnerable Debian system but it did on my router which isn't (since the
> router doesn't use glibc). Oh and of course I can't comment on
> stinkexchange since I don't have whatever mana points they require...
Here's the one-liner:
python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)'
I think it is likely that y="0"*50000000 would segfault due to lack of
memory on many machines. I wouldn't trust this as a test.
--
Steven
More information about the Python-list
mailing list