Advisory – The GHOST Security Vulnerability

A vulnerability in many Linux distributions

This vulnerability resides in the GNU C Library (glibc), and has the common vulnerability and exposures designation of CVE-2015-0235. It exposes a buffer overflow flaw via calls to gethostbyname() and similar function calls. If exploited, an attacker could execute arbitrary code with the permissions of the associated user running the application.

Although a patch issued 2 years ago would have rectified this flaw, most production versions of Linux haven’t previously incorporated the patch as a critical component. The risk can be mitigated by applying ‘current’ patches.

For more information see:
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Or search for ‘ GHOST Vulnerability ‘ or ‘ CVE-2015-0235

If you have any furhter questions, please email support@netnorth.co.uk

Regards
Netnorth Support

Bookmark the permalink.

Leave a Reply