DNS Resolver library testing
Ángel González
keisial@gmail.com
Fri Aug 21 22:30:00 GMT 2015
On 21/08/15 23:43, Holliday, Robert wrote:
> Is there a contact with the GLIBC library, that would be willing to work with Codenomicon,
> to scan the DNS Resolver library, and report the vulnerabilities to the GLIBC community,
> which would help get them fixed and make the DNS library used more secure?
>
> Please contact cross@codenomicon.com. They have worked with many other
> open source projects to make them less vulnerable. I am not able to get the
> DNS library scanned by them, they will only work with members of the GLIBC team.
>
> Thanks.
If you already have the tool, and have already found
"many zero-day vulnerabilities" on it, why is the contact to codenomicon needed?
I mean, I welcome that it gets fuzzed and codenomicon offers that, but IMHO that should be *in addition* of reporting (and fixing) the vulnerabilities you already found, which should be step 1Â…
More information about the Libc-help
mailing list