wrap START container START header START banner START banner END Dan Kaminsky's Blog (Or: The Blog Formerly Known As DoxPara Research) header END navigation START menus START Home Imagery lulz Security menus END searchbox START searchbox END navigation END content START main START Home > Security > A Skeleton Key of Unknown Strength February 20, 2016 Dan Kaminsky Leave a comment Go to comments TL;DR:  The glibc DNS bug ( CVE-2015-7547 ) is unusually bad.  Even Shellshock and Heartbleed tended to affect things we knew were on the network and knew we had to defend.  This affects a universally used library (glibc) at a universally used protocol (DNS).  Generic tools that we didn’t even know had network surface (sudo) are thus exposed, as is software written in programming languages designed explicitly to be safe. Who can exploit this ...