A critical bug is present in *all* versions of Red Hat Enterprise Linux and variants (CentOS etc.) as well as Debian systems.
A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.
Info:
CVE-2015-0235
GHOST: glibc gethostbyname buffer overflow
Please upgrade and restart your systems so that the appropriate patch, which has already been released, can be applied.
Useful links:
- http://www.openwall.com/lists/oss-security/2015/01/27/9 (Qualys Security Advisory, original discovery)
- https://sourceware.org/bugzilla/show_bug.cgi?id=15014
- https://bugzilla.redhat.com/show_bug.cg ... -2015-0235
- https://access.redhat.com/security/cve/CVE-2015-0235
- https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235 (RESERVED)
- https://bugs.debian.org/cgi-bin/bugrepo ... bug=776391
- http://ma.ttias.be/critical-glibc-updat ... ame-calls/ *(Patch Information and attack vectors)*
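
Processes started before the upgrade keep the old glibc mapped until they are restarted, which is why the restart is part of the fix. The shell function below is an added example, not part of the original post: it lists processes whose /proc/<pid>/maps still reference a replaced libc file (marked "(deleted)"). The function name and the optional proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still
# run on a glibc file that has been replaced on disk by a package update.
#
# When a shared library is replaced, the kernel keeps the old file alive
# for every process that has it mapped, and /proc/<pid>/maps shows the
# path with a trailing " (deleted)". Such processes are still using the
# pre-patch code until they are restarted.

# stale_libc_pids [PROC_ROOT]
#   PROC_ROOT defaults to /proc; a different directory can be passed for
#   testing (hypothetical parameter, chosen for this example).
#   Prints one "PID NAME" line per process still mapping a deleted libc.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes when not root,
        # processes that exited, or an unexpanded glob).
        [ -r "$maps" ] || continue
        # Matches e.g. ".../libc-2.19.so (deleted)" and
        # ".../libc.so.6 (deleted)", but not libcap, libcrypt, etc.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            pid="${dir##*/}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}
```

Run `stale_libc_pids` as root after the package upgrade; any process it lists needs a restart (or the host a reboot) before the patched library is actually in use.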