GHOST: glibc gethostbyname buffer overflow
GHOST is a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). The bug is reachable both locally and remotely via the gethostbyname*() functions and affects Linux systems.
A number of factors mitigate the impact of this vulnerability:
- the limited amount of memory that can be overwritten by the attacker
- it was fixed in 2013 as a non-security bug (so the fix was not backported to older versions)
- patches are available now
- many common services using libc appear to NOT be vulnerable, including Apache, Cups, Dovecot, GnuPG, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, and xinetd
Currently only the Exim mail server appears to be remotely exploitable using this vulnerability.
Detailed technical information on the vulnerability is available here: http://www.openwall.com/lists/oss-security/2015/01/27/9
Recommendation
Update libc on your Linux systems.
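Updating the package replaces the library on disk, but processes started before the update keep the old copy mapped until they are restarted. The script below is an added example, not part of the original advisory: it lists such processes by looking for a libc mapping marked "(deleted)" in /proc/<pid>/maps. The function names, the optional root argument and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# pre-update libc. After the file is replaced on disk, the kernel shows the
# old mapping in /proc/<pid>/maps with a trailing " (deleted)".

# stale_libc_pids [ROOT]: print "<pid> <command>" for each affected process.
# ROOT defaults to /proc; the argument is an assumption of this example so the
# function can also be run against sample data.
stale_libc_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Matches libc-2.x.so and libc.so.6, but not libcrypto, libcap, etc.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ /]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            pid=${dir##*/}
            comm=$(cat "$dir/comm" 2>/dev/null || echo "?")
            echo "$pid $comm"
        fi
    done
}

# Constructed sample data: two fake processes, one started before the update.
make_sample() {
    sample=$(mktemp -d)
    mkdir -p "$sample/101" "$sample/202"
    echo "exim4" > "$sample/101/comm"
    echo "7f10a000-7f1bb000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)" > "$sample/101/maps"
    echo "sshd" > "$sample/202/comm"
    {
        echo "7f20a000-7f2bb000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6"
        echo "7f30a000-7f3bb000 r-xp 00000000 08:01 5679 /usr/lib/libcrypto.so.1.0.0 (deleted)"
    } > "$sample/202/maps"
    echo "$sample"
}

sample_root=$(make_sample)
stale_libc_pids "$sample_root"    # on a live host: call with no argument, as root
rm -rf "$sample_root"
```

Any process it reports needs a restart (or the host a reboot) before the updated libc takes effect for it.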