Hi,
This is an on-going investigation. Indeed, applications using the Tor
socks port for name resolution are not vulnerable for this attack.
An automated test was ran trying to determine (using the public proof of
concept) whether any application was vulnerable, so far, we're on the
safe side
Hi,
my understanding is that clients that use Tor SOCKS port for name
resolution are fine.
For clients who use the DNSPort, it's not clear to me if an
attacker-controlled payload can make it's way from the exit node being
used for the name resolution to the client. Has anyone looked
into this?
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
especially curl from htpdate, torbrowser, etc. If affected, exits could
easily do MITM on DNS lookups.
