FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

glibc -- gethostbyname buffer overflow

Affected packages
linux_base-c6 < 6.6_2
0 <= linux_base-f10
linux-c6-devtools < 6.6_3
0 <= linux-f10-devtools

Details

VuXML ID 0765de84-a6c1-11e4-a0c1-c485083ca99c
Discovery 2015-01-27
Entry 2015-01-28
Modified 2015-02-02

Robert Krátký reports:

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application. The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

References

CVE Name CVE-2015-0235
URL http://www.openwall.com/lists/oss-security/2015/01/27/9
URL https://access.redhat.com/articles/1332213