Ghost vulnerability

Anssi Saari as at sci.fi
Tue Feb 3 14:38:29 EST 2015


Steven D'Aprano <steve+comp.lang.python at pearwood.info> writes:

> Here's the one-liner:
>
> python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)'
>
>
> I think it is likely that y="0"*50000000 would segfault due to lack of
> memory on many machines. I wouldn't trust this as a test.

Hmm, how much RAM does that one-liner actually need? My router has 128 
MB total RAM with about 90 MB free. So it can store the string once but
if it's copied with the gethostbyname call then it'll run out...

According to a Reddit thread
(http://www.reddit.com/r/Python/comments/2u7ghu/python_socketgethostbyname_is_not_affected_by/)
Python's socket.gethostbyname() doesn't actually even call the
gethostbyname function in glibc, it uses the newer getaddrinfo instead.
So it's a little unlikely to cause a segfault because of the Ghost vuln :)

Anyways, here's an example calling gethostbyname directly in Python:

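from ctypes import CDLL
# Load glibc itself so its gethostbyname() is the function being called
o = CDLL('libc.so.6')
for i in range(0, 2500):
    # bytes, so ctypes passes a char * (a Python 3 str would go as wchar_t *)
    o.gethostbyname(b'0'*i)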

I don't have a vulnerable system to test on any more though.
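
[Added example, not part of the original post: a crash in the ctypes loop above takes the whole interpreter down with it, so this sketch runs the same loop in a child process and reports how the child ended. The names PROBE and run_probe are made up for this example, and the loop starts at 1 rather than 0 so that only all-digit names are passed.]

```python
import signal
import subprocess
import sys

# The ctypes loop from the post, kept as source text for a child interpreter.
# Assumption of this example: start at 1 to skip the empty hostname.
PROBE = (
    "from ctypes import CDLL\n"
    "libc = CDLL('libc.so.6')\n"
    "for i in range(1, 2500):\n"
    "    libc.gethostbyname(b'0' * i)\n"
)


def signal_name(num):
    """Return a readable name for a signal number, even an unlisted one."""
    try:
        return signal.Signals(num).name
    except ValueError:
        return "signal %d" % num


def run_probe(code=PROBE, timeout=60):
    """Run `code` in a separate Python process and classify how it ended."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", code],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    rc = proc.returncode
    if rc == 0:
        return "clean exit"
    if rc < 0:
        # On POSIX a negative return code means the child died from signal -rc
        return "killed by " + signal_name(-rc)
    # Positive code: the child raised or exited itself (e.g. libc.so.6 missing)
    return "error exit %d" % rc


if __name__ == "__main__":
    print(run_probe())
```

The result only says how the child process ended; a "killed by SIGSEGV" from any cause (including running out of memory, as the quoted message points out for the one-liner) looks the same.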


