The guys at Qualys discovered a very interesting buffer overflow in the __nss_hostname_digits_dots() function of glibc. The main problem is that you can take advantage of this remotely via the gethostbyname*() functions, which are used in many applications. They dubbed this “GHOST” (due to the GetHOST… name). The CVE assigned to this is: CVE-2015-0235.

Currently, all distributions of Linux are vulnerable.
This was apparently fixed between glibc-2.17 and glibc-2.18, but it was ignored in the long term “stable” releases.

Here is some code to check if you are vulnerable:
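
A canary-based self-test for this bug, written here as an added example (it is not the code from the original post, and the names `ghost_check`, `ghost_name_len` and the canary string are made up for it). It calls gethostbyname_r() on an all-digit name sized to slip past the undersized buffer check, then checks whether a marker placed right after the buffer was overwritten:

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes gethostbyname_r() in <netdb.h> */
#endif
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "ghost-canary-0235"   /* constructed marker value */
enum ghost_result { GHOST_NOT_VULNERABLE, GHOST_VULNERABLE, GHOST_INCONCLUSIVE };

/* The canary sits directly after the resolver's scratch buffer, so a write
 * past the end of buf lands in it instead of in unrelated memory. */
static struct {
    char buf[1024];
    char canary[sizeof(CANARY)];
} probe;

/* Longest name the buggy size check accepts for a buffer of buflen bytes.
 * The check counts host_addr (16 bytes), h_addr_ptrs (2 pointers), the name
 * and its NUL, but leaves out one more pointer (h_alias_ptr). */
size_t ghost_name_len(size_t buflen)
{
    return buflen - 16 - 2 * sizeof(char *) - 1;
}

enum ghost_result ghost_check(void)
{
    struct hostent he, *res = NULL;
    char name[sizeof(probe.buf)];
    size_t len = ghost_name_len(sizeof(probe.buf));
    int herr = 0, rc;

    memset(&probe, 0, sizeof(probe));
    memcpy(probe.canary, CANARY, sizeof(CANARY));
    memset(name, '0', len);          /* all digits: takes the digits/dots path */
    name[len] = '\0';
    rc = gethostbyname_r(name, &he, probe.buf, sizeof(probe.buf), &res, &herr);
    if (memcmp(probe.canary, CANARY, sizeof(CANARY)) != 0)
        return GHOST_VULNERABLE;     /* resolver wrote past the buffer */
    return rc == ERANGE ? GHOST_NOT_VULNERABLE : GHOST_INCONCLUSIVE;
}

int main(void)
{
    static const char *msg[] = { "not vulnerable", "vulnerable", "inconclusive" };
    puts(msg[ghost_check()]);
    return 0;
}
```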

Here is a way to find every service using libc:

If you are vulnerable, updates have already been pushed out by the vendors.
For Ubuntu/Debian, you can: sudo apt-get update && sudo apt-get install --only-upgrade libc6 -y
For CentOS/RHEL, you can: sudo yum update glibc

A great summary of the key things can be found here:

A very good technical writeup of the details can be found here:

A few of the major Linux distribution advisories:
