Glibc gethostbyname Buffer Overflow Vulnerability (CVE-2015-0235)

Glibc gethostbyname Buffer Overflow Vulnerability (CVE-2015-0235)

Release date:
Updated on:

Affected Systems:
GNU glibc< 2.18
Unaffected system:
The GNU glibc 2.18
Description:
Bugtraq id: 72325
CVE (CAN) ID: CVE-2015-0235

Glibc is the libc library released by GNU, that is, the c Runtime Library. Glibc is the most underlying api in linux, and almost any other Runtime Library depends on glibc.

In versions earlier than glibc 2.18, The __nss_hostname_digits_dots () function has the heap buffer overflow vulnerability. This function is used when the gethostbyname () and gethostbyname2 () glibc functions are called. If a remote attacker can call any of these functions, the vulnerability can be exploited to execute arbitrary code with the current user permission. Although this vulnerability was fixed in May 21, 2013 (A version between glibc-2.17 and glibc-2.18), it is not considered a vulnerability and currently has an impact such as Debian 7 (wheezy ), red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, and many other Linux distributions.

This vulnerability is triggered by calling the gethostbyname () method by the application. The vulnerability can be triggered only when multiple conditions are met. Currently, most local SUID programs and service programs are not affected. Currently, the affected application is known as the exim4 mail service program. If you have set additional security checks for HELO and EHELO commands (not the default configuration), you can remotely execute arbitrary code.

<* Source: Qualys

Link: https://bugzilla.redhat.com/show_bug.cgi? CVE-2015-0235
Http://www.openwall.com/lists/oss-security/2015/01/27/9
*>

Suggestion:
Vendor patch:

GNU
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.gnu.org
Https://sourceware.org/git? P = glibc. git; a = commit; h = d5dd6189d506068ed11c8bfa1e1e9bffde04decd

Refer:

Http://www.openwall.com/lists/oss-security/2015/01/27/9
Https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Dangerous! GHOST (GHOST) vulnerability exposure

GNU glibc gethostbyname Buffer Overflow Vulnerability

This article permanently updates the link address: