vulnerability mitigation

CVE-2015-7547 Advisory & Mitigation

February 19, 2016 | By

Three days ago, Google publicly discussed a vulnerability in glibc that an adversary could exploit by crafting DNS requests for domains in their control. Given we operate DNS for our customers, this issue had our full attention. We wanted to take a moment to discuss our response to this issue and the additional precautions we have taken.

  • We immediately upgraded glibc across our infrastructure
  • We audited our own code for use of getaddrinfo
  • We applied the additional mitigation script from PowerDNS to all of our resolvers which will drop requests with responses greater than 2048 bytes
  • We added additional monitoring to immediately inform us if requests potentially trying to exploit this vulnerability are seen

These mitigations help protect users from malicious DNS responses trying to exploit this vulnerability. If you haven’t already, we urge you to ensure all your computers and phones have the latest security updates.

If you have any questions or concerns, please contact us.