The Archives

  • 28.Jan.15
    GHOST Vulnerability: glibc gethostbyname buffer overflow news, security | rafacas | (0)
    The GHOST vulnerability was discovered and disclosed by Qualys. It is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address. They have developed a full-fledged remote ...