Vulnerability Note VU#967332
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow
Original Release date: 28 Jan 2015 | Last revised: 30 Jan 2015

Overview
The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST".

Description
According to Qualys, the vulnerability is "a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions" and furthermore, "arbitrary code execution can be achieved" by use of the buffer overflow.
All versions of glibc from glibc-2.2 (released 2010-11-10) until glibc-2.17 are vulnerable. The vulnerability was patched on 2013-05-21, prior to the release of glibc-2.18.

For more details, please see the full Qualys Security Advisory.

Impact
The __nss_hostname_digits_dots() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.

Solution
Apply an update

Affected users may apply a patch or update to glibc-2.18 or later. The Vendor Status information below provides more information on updates.

Vendor Information (Learn More)
Some older, no longer supported versions of linux distributions may contain an older version of glibc that is vulnerable. Please check with your vendor to find out if you need to upgrade to a newer operating system in order to address this issue.

VendorStatusDate NotifiedDate UpdatedArch LinuxAffected28 Jan 201530 Jan 2015
Blue Coat SystemsAffected-30 Jan 2015
Cisco Systems, Inc.Affected-30 Jan 2015
CitrixAffected-30 Jan 2015
Debian GNU/LinuxAffected28 Jan 201528 Jan 2015
F5 Networks, Inc.Affected-30 Jan 2015
Gentoo LinuxAffected28 Jan 201530 Jan 2015
Juniper Networks, Inc.Affected-30 Jan 2015
NetAppAffected-30 Jan 2015
openSUSE projectAffected28 Jan 201530 Jan 2015
Openwall GNU/*/LinuxAffected28 Jan 201530 Jan 2015
Red Hat, Inc.Affected28 Jan 201530 Jan 2015
Slackware Linux Inc.Affected28 Jan 201528 Jan 2015
SUSE LinuxAffected28 Jan 201528 Jan 2015
UbuntuAffected28 Jan 201528 Jan 2015If you are a vendor and your product is affected, let
us know.View More &raquo

CVSS Metrics (Learn More)

Group
Score
Vector

Base
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal
7.8
E:POC/RL:OF/RC:C

Environmental
5.9
CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
http://www.openwall.com/lists/oss-security/2015/01/27/9

Credit

Credit to Qualys for discovering the vulnerability.
This document was written by Garret Wassermann.

Other Information

CVE IDs:
CVE-2015-0235

Date Public:
28 Jan 2015

Date First Published:
28 Jan 2015

Date Last Updated:
30 Jan 2015

Document Revision:
22

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply