Critical Vulnerability bug in Debian and Red Hat variants.

[konnn]

A critical bug that is present in *all* versions of Red Hat Enterprise Linux and variants (CentOS etc.) as well as Debian systems.

A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitary code with the permissions of the user running the application.

Info:
CVE-2015-0235
GHOST: glibc gethostbyname buffer overflow

Please upgrade and restart your systems so that the appropriate patch, which as already been released, can be applied.

Useful links:

- http://www.openwall.com/lists/oss-security/2015/01/27/9 ;;;(Qualys Security Advisory, original discovery)
- https://sourceware.org/bugzilla/show_bug.cgi?id=15014
- https://bugzilla.redhat.com/show_bug.cg ... -2015-0235
- https://access.redhat.com/security/cve/CVE-2015-0235
- https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235 ;;;(RESERVED)
- https://bugs.debian.org/cgi-bin/bugrepo ... bug=776391
- http://ma.ttias.be/critical-glibc-updat ... ame-calls/ ; ; *(Patch Information and attack vectors)*

[ΓιάννηςΤ]

http://www.securityweek.com/critical-gh ... ux-systems
Πληροφορήθηκα από CM Security.

[konnn]

Συγχωνεύθηκαν τα θέματα.

[ΓιάννηςΤ]

Συγχωνεύθηκαν τα θέματα.

Πολύ όμορφα! Ευχαριστώ και πολύ καλή δουλειά.