Ghost Vulnerability. Glibc buffer overflow. Maybe another Heartbleed. Go fix your system now.

FirstVM_com Member
edited January 2015 in General

A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Read more details:

Youtube: https://youtube.com/watch?v=zHRRLsZtWAA

https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html

Ubuntu: https://launchpad.net/ubuntu/+source/eglibc

Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235

GNU C Library: http://www.gnu.org/software/libc/

Solution:

RHEL/CentOS : sudo yum update glibc

Ubuntu : sudo apt-get update ; sudo apt-get install libc6

Thanked by 1klikli
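
A follow-up check for the update commands in the post above, added here as an example and not part of the original post: updating the package replaces glibc on disk, but processes that were already running keep the old copy mapped until they are restarted. The function name `stale_libc_pids` and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): list processes that still map
# the pre-update libc. When a package update replaces the library file, the
# kernel marks the old mapping "(deleted)" in /proc/<pid>/maps; those
# processes keep running the old code until they are restarted.
# Run as root, otherwise other users' maps files are unreadable and skipped.

# stale_libc_pids [PROC_ROOT]
# Prints "<pid> <name>" for every process with a deleted libc mapping.
# PROC_ROOT defaults to /proc; it is a parameter (an assumption of this
# example) so the function can be run against a constructed directory tree.
stale_libc_pids() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # Matches libc-2.17.so, libc.so.6 and rpm/prelink ";suffix" variants,
        # but not libcrypto, libcap or libc-client.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/]*\(deleted\)' "$dir/maps" 2>/dev/null; then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
)

# Scan the live system; every process listed needs a restart (or reboot).
stale_libc_pids
```

An empty result after restarting services (or rebooting) means no readable process is still using the replaced library.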

Comments

  • Pretty sure this is about the third thread on this vulnerability.

    Thanked by 2eLohkCalb ATHK
  • ^ third

    Yeah it's too late to patch.

  • Misleading title. I thought there was another glibc vulnerability, a Ghost vulnerability (in the blog software) and maybe another OpenSSL one. :)
