This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VN-2015-001 – “GHOST” – CVE-2015-0235

VN-2015-001 – “GHOST” – CVE-2015-0235

Drew_C
Valued Contributor III

‎01-29-2015 10:47 PM

Summary
A serious vulnerability has been discovered in two legacy functions that are related to DNS resolution in glibc. Due to the fact that glibc is a fundamental OS component used by many pieces of "userland" software, this vulnerability is a high priority for remediation.

Background (From the CVE Project)
There is a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18. This allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.”

Published
2015-01-27

CVSS Severity
10 (from NVD/NIST)

Additional information and product vulnerability status can be found here:
http://learn.extremenetworks.com/rs/extreme/images/VN-2015-001_GHOST_CVE-2015-0235.pdf

The above linked PDF will be updated as we receive more information.
0 Kudos
5 REPLIES 5

Drew_C
Valued Contributor III
In response to Ronald_Dvorak

‎02-22-2016 10:19 AM

Ron, CVE-2015-7547 is a different issue. It looks like we'll have a first response out later today or tomorrow, which I'll share a link to. Thanks for asking!

-Drew

0 Kudos
GTM-P2G8KFN