DNS Resolver library testing

Holliday, Robert rhollida@ciena.com
Fri Aug 21 22:38:00 GMT 2015


I need help from the GLIBC community. 
It takes a lot of time to analyze them and figure out what the issues are with the code.

I have already submitted one to the libc-alpha mailing list, and nobody has even reviewed the issue.

-----Original Message-----
From: Ángel González [mailto:keisial@gmail.com] 
Sent: Friday, August 21, 2015 3:30 PM
To: Holliday, Robert
Cc: libc-help@sourceware.org
Subject: Re: DNS Resolver library testing

On 21/08/15 23:43, Holliday, Robert wrote:
> Is there a contact with the GLIBC library, that would be willing to 
> work with Codenomicon, to scan the DNS Resolver library, and report 
> the vulnerabilities to the GLIBC community, which would help get them fixed and make the DNS library used more secure?
>
> Please contact cross@codenomicon.com. They have worked with many other 
> open source projects to make them less vulnerable. I am not able to 
> get the DNS library scanned by them, they will only work with members of the GLIBC team.
>
> Thanks.

If you already have the tool, and have already found "many zero-day vulnerabilities" on it, why is the contact to Codenomicon needed?

I mean, I welcome that it gets fuzzed and Codenomicon offers that, but IMHO that should be *in addition* to reporting (and fixing) the vulnerabilities you already found, which should be step 1.



