Cisco analyzes the GHOST vulnerability:?] So? Terrible
Source: Internet
Author: User
Cisco's Security Intelligence Research Team TalosGroup pointed out that the GHOST vulnerability exposed by Qualys recently allowed hackers to execute arbitrary programs from the remote end. Although it was a major vulnerability, it was not so terrible. This vulnerability occurs when the host name is converted to the GetHost function of the IP address in the GNUC Library (glibc). Therefore, it is referred to as GHOST. Qualys finds a delay in _ nss_hostname_digits_dots? The zone overflow vulnerability, whether it is the security intelligence research team Talos Group that runs gethostby Cisco, points out that the GHOST vulnerability recently revealed by Qualys allows hackers to execute arbitrary programs from the remote end, although it is a major vulnerability, but it's not that terrible.
This vulnerability occurs when the host name is converted to the GetHost function of the IP address in the gnu c library (glibc). Therefore, it is referred to as GHOST. Qualys finds a delay in _ nss_hostname_digits_dots? This vulnerability may be triggered by the gethostbyname () or gethostbyname2 () function, allowing remote attackers to execute arbitrary programs and control the system.
However, Talos Group believes that this major vulnerability is not so terrible. One of the reasons is that these two features did not support IPv6, so they were gradually eliminated about 15 years ago. getaddrinfo (), which supports IPv6 and is used to replace the above features, does not have this vulnerability. Second, you must accept the Host Name and still use the gethostbyname () or gethostbyname2 () function to launch attacks.
In addition, the related functions limit the formats of available host names, except that the host names must be composed of numbers and. in addition to dot, the first character of the host name must be ., but the last character cannot be ., few applications accept input in this data format.
Talos Group indicates that, even if it is a vulnerability that allows remote program attacks, its restriction reduces its threat. Hackers must use one of the functions of gethostbyname () or gethostbyname2, it must comply with strange rules. In actual scenarios, the most likely result is a memory segment error rather than a remote program attack.
Currently, Talos Group has not found any attack reports against the vulnerability, but it is expected that the situation may change after the operator adds the conceptual verification program of the vulnerability to the Metasploit penetration kit.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
