Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions prior to 2.18, allows context-dependent malicious users to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
| Vulnerable Product |
|---|
| gnu glibc |
| oracle communications policy management 12.1.1 |
| oracle communications policy management 9.9.1 |
| oracle communications eagle application processor 16.0 |
| oracle exalogic infrastructure 1.0 |
| oracle communications policy management 10.4.1 |
| oracle exalogic infrastructure 2.0 |
| oracle communications webrtc session controller 7.0 |
| oracle communications webrtc session controller 7.2 |
| oracle communications webrtc session controller 7.1 |
| oracle communications policy management 11.5 |
| oracle linux 7 |
| oracle communications session border controller 8.0.0 |
| oracle communications eagle lnp application processor 10.0 |
| oracle linux 5 |
| oracle communications lsms 13.1 |
| oracle communications user data repository |
| oracle communications application session controller |
| oracle communications policy management 9.7.3 |
| oracle vm virtualbox |
| oracle communications session border controller 7.2.0 |
| oracle communications session border controller |
| debian debian linux 8.0 |
| debian debian linux 7.0 |
| redhat virtualization 6.0 |
| apple mac os x |
| ibm pureapplication system 1.1.0.0 |
| ibm pureapplication system 2.0.0.0 |
| ibm security access manager for enterprise single sign-on 8.2 |
| ibm pureapplication system 1.0.0.0 |
| php php |

Serious – but it's no Heartbleed
The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security firm Qualys found a critical vulnerability in Linux, specifically the GNU C Library (glibc). The vulnerability – nicknamed “GHOST” – allows attackers to remotely hack ...
When there's something strange in your gethostbyname, who y'gonna call? Ghostbusters
Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. The flaw, which was discovered by Qualys and assigned CVE-2015-0235, is known as the GHOST vulnerability because it can be triggered by the library's gethostbyname family of functions. An attacker who successfully exploits the flaw can potentially gain complete control over an...