JFYI
Here is a list of potential targets that we investigated (they all call
*gethostbyname*, one way or another), but to the best of our knowledge,
the buffer overflow cannot be triggered in any of them:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, *nginx*, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd.
http://seclists.org/oss-sec/2015/q1/283
--
Yours sincerely,
Vladimir Getmanshchuk
_______________________________________________
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru