This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

VN-2015-001 – “GHOST” – CVE-2015-0235

VN-2015-001 – “GHOST” – CVE-2015-0235

Drew_C
Valued Contributor III

‎01-29-2015 10:47 PM

Summary
A serious vulnerability has been discovered in two legacy functions that are related to DNS resolution in glibc. Due to the fact that glibc is a fundamental OS component used by many pieces of "userland" software, this vulnerability is a high priority for remediation.

Background (From the CVE Project)
There is a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18. This allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.”

Published
2015-01-27

CVSS Severity
10 (from NVD/NIST)

Additional information and product vulnerability status can be found here:
http://learn.extremenetworks.com/rs/extreme/images/VN-2015-001_GHOST_CVE-2015-0235.pdf

The above linked PDF will be updated as we receive more information.
0 Kudos
5 REPLIES 5

Ronald_Dvorak
Honored Contributor

‎02-22-2016 10:19 AM

Drew is that the same issue ?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547

Thx,
Ron
0 Kudos

Ronald_Dvorak
Honored Contributor
In response to Ronald_Dvorak

‎02-22-2016 10:19 AM

Thx
0 Kudos

Drew_C
Valued Contributor III
In response to Ronald_Dvorak

‎02-22-2016 10:19 AM

Ron, we have published VN-2006-003 to address this new glibc vulnerability.
https://community.extremenetworks.com/extreme/topics/vn-2016-003-glibc-vulnerability-cve-2015-7547

0 Kudos

Ronald_Dvorak
Honored Contributor
In response to Ronald_Dvorak

‎02-22-2016 10:19 AM

Drew, any update on that issue ?

Thx,
Ron
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN