Aerosol Posted February 1, 2015

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

CVE-2015-0235 has been assigned to this issue.

Qualys security researchers discovered this bug and worked closely with Linux distribution vendors. And as a result of that we are releasing this advisory today as a coordinated effort, and patches for all distributions are available January 27, 2015.

Read more: http://dl.packetstormsecurity.net/papers/general/securing-ghost.pdf
Nytro Posted February 1, 2015

BIG SHIT. Screw all those unwashed Indians. These filthy people copy/pasted 95% from the original advisory and published it as if they had done who knows what independent study. SCREW INDIA!
Gushterul Posted February 1, 2015

And it's not "how to secure" at all, change its title ;)
Nytro Posted February 1, 2015

I gave it an appropriate title.