Meanwhile everybody knows about https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
In short: gethostbyname* class functions have a vulnerability. Qualys made up an exploit for Exim that sounds pretty bad.

I had a (very quick) look at Wget, and we are using gethostbyname()

1. in the case ENABLE_IPV6 is not set.
2. via gnulib getaddrinfo(), which calls gethostbyname().

We use it in host.c/lookup_host(). From what I know, a prepared server may exploit this vulnerability in Wget as well.

Despite updating glibc, what can we do? Is it worth removing gethostbyname() from Wget? In this case we should not use the gnulib getaddrinfo function and replace it by calling getaddrinfo directly, with a fallback to gnulib. And in case ENABLE_IPV6 is not set, we should replace gethostbyname() by getaddrinfo().

What do you think?

Tim
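The replacement proposed in the message above for builds without ENABLE_IPV6, as an added example that is not Wget's code: a hypothetical helper `lookup_ipv4()` calls the system getaddrinfo() restricted to AF_INET instead of calling gethostbyname() itself. The helper name, its signature and the address cap are assumptions.

```c
/* Added example, not Wget code: IPv4-only lookup through getaddrinfo(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: resolve `host` to at most `max` IPv4 addresses.
   Returns the number stored in `out`, or -1 on bad arguments or resolver
   failure. `extra_flags` is OR'ed into ai_flags (e.g. AI_NUMERICHOST). */
int lookup_ipv4(const char *host, int extra_flags,
                struct in_addr *out, int max)
{
    struct addrinfo hints, *res, *p;
    int n = 0;

    if (host == NULL || out == NULL || max <= 0)
        return -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;       /* same scope as the non-IPv6 build */
    hints.ai_socktype = SOCK_STREAM; /* one entry per address, not per socktype */
    hints.ai_flags = extra_flags;

    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;
    for (p = res; p != NULL && n < max; p = p->ai_next) {
        if (p->ai_family != AF_INET
            || p->ai_addrlen < sizeof(struct sockaddr_in))
            continue;                /* skip anything that is not a full IPv4 entry */
        out[n++] = ((struct sockaddr_in *)p->ai_addr)->sin_addr;
    }
    freeaddrinfo(res);               /* addresses were copied into out[] */
    return n;
}

int main(int argc, char **argv)
{
    struct in_addr a[8];
    char buf[INET_ADDRSTRLEN];
    int i, n = lookup_ipv4(argc > 1 ? argv[1] : "127.0.0.1", 0, a, 8);

    for (i = 0; i < n; i++)
        puts(inet_ntop(AF_INET, &a[i], buf, sizeof buf));
    return n > 0 ? 0 : 1;
}
```

Unlike the static buffer returned by gethostbyname(), the result list is allocated per call and released with freeaddrinfo(), so the helper copies the addresses out before freeing it.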
