Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure?


Rajivarnan R., a security researcher and analyst at Akati Consulting Pvt Ltd, discovered a prevention white paper that explains the impact of the glibc (Linux) GHOST vulnerability.

[CVE-ID 2015-0235]

A heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue.

Qualys security researchers discovered this bug and worked closely with Linux distribution vendors. As a result, we are releasing this advisory today as a coordinated effort, and patches for all distributions are available January 27, 2015.
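As a first triage step, the affected range quoted above ("2.x versions before 2.18") can be checked against the glibc version a host reports. The script below is an added example, not taken from the white paper or the Qualys advisory; the function names and output labels are made up for illustration. A version inside the range still needs a check against the vendor's fixed package, because distributions backport the patch without changing the upstream version number.

```shell
#!/bin/sh
# Added example: classify a glibc version string against the range the
# CVE text names ("2.x versions before 2.18"). Names here are hypothetical.

# parse_glibc_version STRING -> prints "MAJOR MINOR"; returns 1 if unparsable.
# Accepts forms such as "glibc 2.17", "2.12-1.149.el6" or "2.19".
parse_glibc_version() {
    v=${1##* }                      # drop a leading "glibc " label, if any
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}          # keep only the leading digits of the minor part
    case $major in *[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    echo "$major $minor"
}

# ghost_status STRING -> in-affected-range | outside-affected-range | unknown
# "in-affected-range" means: compare the installed package with the vendor's
# fixed build, since a backported fix keeps the same upstream version.
ghost_status() {
    parsed=$(parse_glibc_version "$1") || { echo unknown; return 0; }
    set -- $parsed
    if [ "$1" -eq 2 ] && [ "$2" -lt 18 ]; then
        echo in-affected-range
    else
        echo outside-affected-range
    fi
}

# Report for the local host; getconf prints e.g. "glibc 2.17" on glibc systems.
local_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null || true)
echo "local glibc: ${local_ver:-not reported} -> $(ghost_status "$local_ver")"
```

After a patched package is installed, running services keep the old library loaded until they are restarted.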

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

URL: http://www.vulnerability-lab.com/resources/documents/1430.pdf

Document: http://www.vulnerability-lab.com/get_content.php?id=1430
