Cisco's GHOST vulnerability analysis: not so terrible

Source: Internet
Author: User

Talos Group, Cisco's security intelligence and research team, pointed out that although the GHOST vulnerability recently disclosed by Qualys allows remote attackers to execute arbitrary code, and is therefore a major vulnerability, it is not as terrible as it sounds.

The vulnerability lies in the GetHost functions of the GNU C Library (glibc), which convert a host name to an IP address; hence the name GHOST. Qualys found a buffer overflow in __nss_hostname_digits_dots(), which can be triggered through the gethostbyname() or gethostbyname2() function and allows remote attackers to execute arbitrary code and take control of the system.


However, Talos Group believes that this major vulnerability is not so terrible. One reason is that these two functions do not support IPv6, so they were gradually phased out starting about 15 years ago. getaddrinfo(), which supports IPv6 and replaces them, does not have this vulnerability. Second, an attack is only possible against an application that accepts a host name as input and still uses the gethostbyname() or gethostbyname2() function.
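The replacement described above, as an added example that is not from the original article or from Talos or Qualys: a C helper that resolves a name with getaddrinfo() instead of gethostbyname(). The function name resolve_first, its numeric_only parameter and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: resolve `host` with getaddrinfo() and write the first
 * address, in numeric text form, to `out`. Returns 0 or an EAI_* error code.
 * `numeric_only` sets AI_NUMERICHOST, so only IP literals are accepted and
 * no name lookup is performed. */
int resolve_first(const char *host, int numeric_only, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    if (host == NULL || out == NULL || outlen == 0)
        return EAI_NONAME;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* IPv4 and IPv6 in one call */
    hints.ai_socktype = SOCK_STREAM;  /* avoid one duplicate result per socket type */
    if (numeric_only)
        hints.ai_flags = AI_NUMERICHOST;

    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;

    /* getnameinfo() formats the sockaddr into the caller's buffer; there is
     * no shared static struct hostent as with gethostbyname(). */
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, (socklen_t)outlen,
                     NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc;
}

int main(void)
{
    /* Constructed sample inputs: literals only, so the demo runs offline. */
    const char *samples[] = { "127.0.0.1", "::1", "not-an-address" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = resolve_first(samples[i], 1, buf, sizeof buf);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? buf : gai_strerror(rc));
    }
    return 0;
}
```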

In addition, the affected functions restrict the format of the host names that can be used: the host name must consist only of digits and dots, the first character of the host name must be ., but the last character cannot be .; few applications accept input in this format.

Talos Group indicates that, even though the vulnerability allows remote code execution, these restrictions reduce its threat. An attacker has to reach one of the gethostbyname() or gethostbyname2() functions, and the input must comply with these strange rules. In real-world scenarios, the most likely result is a segmentation fault rather than remote code execution.

So far, Talos Group has not found any reports of attacks against the vulnerability, but it expects that this may change once a proof-of-concept for the vulnerability is added to the Metasploit penetration-testing framework.
