This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
RE: DNS Resolver library testing
- From: "Holliday, Robert" <rhollida at ciena dot com>
- To: "libc-help at sourceware dot org" <libc-help at sourceware dot org>
- Date: Fri, 21 Aug 2015 17:43:00 -0400
- Subject: RE: DNS Resolver library testing
- Authentication-results: sourceware.org; auth=none
There are many vulnerabilities in the DNS Resolver library.
I have found many zero-day vulnerabilities in the DNS Resolver library in the current version of the GLIBC
library using Codenomicon Defensics, a fuzz testing tool.
I wanted to coordinate free Fuzz testing of the DNS Resolver library with Codenomicon Defensics,
a commercial powerful fuzz testing tool. They are willing to work with Open Source projects to
find vulnerabilities in their software.
Is there a contact with the GLIBC library, that would be willing to work with Codenomicon,
to scan the DNS Resolver library, and report the vulnerabilities to the GLIBC community,
which would help get them fixed and make the DNS library used more secure?
Please contact cross@codenomicon.com. They have worked with many other
open source projects to make them less vulnerable. I am not able to get the
DNS library scanned by them, they will only work with members of the GLIBC team.
Thanks.