This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: DNS Resolver library testing

From: "Holliday, Robert" <rhollida at ciena dot com>
To: "libc-help at sourceware dot org" <libc-help at sourceware dot org>
Date: Fri, 21 Aug 2015 17:43:00 -0400
Subject: RE: DNS Resolver library testing
Authentication-results: sourceware.org; auth=none

There are many vulnerabilities in the DNS Resolver library.

I have found many zero-day vulnerabilities in the DNS Resolver library in the current version of the GLIBC
library using Codenomicon Defensics, a fuzz testing tool.

I wanted to coordinate free Fuzz testing of the DNS Resolver library with Codenomicon Defensics,
a commercial powerful fuzz testing tool. They are willing to work with Open Source projects to
find vulnerabilities in their software. 

Is there a contact with the GLIBC library, that would be willing to work with Codenomicon, 
to scan the DNS Resolver library, and report the vulnerabilities to the GLIBC community,
which would help get them fixed and make the DNS library used more secure?

Please contact cross@codenomicon.com. They have worked with many other 
open source projects to make them less vulnerable. I am not able to get the
DNS library scanned by them, they will only work with members of the GLIBC team.

Thanks.

Follow-Ups:
- Re: DNS Resolver library testing
  - From: Ángel González

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]