CERT Coordination Center

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Vulnerability Note VU#967332

Original Release Date: 2015-01-28 | Last Revised: 2015-10-22

Overview

The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST".

Description

According to Qualys, the vulnerability is "a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions" and furthermore, "arbitrary code execution can be achieved" by use of the buffer overflow.

All versions of glibc from glibc-2.2 (released 2010-11-10) until glibc-2.17 are vulnerable. The vulnerability was patched on 2013-05-21, prior to the release of glibc-2.18.

For more details, please see the full Qualys Security Advisory.

Impact

The __nss_hostname_digits_dots() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on whether the use case is local or remote.

Solution

Apply an update

Affected users may apply a patch or update to glibc-2.18 or later. The Vendor Status information below provides more information on updates.
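
A version triage for the range stated in this note, as an added example that is not part of the original advisory or of glibc. The function name ghost_range_status and the sample version strings are assumptions. Because a vendor patch can fix an in-range version without changing its number, an in-range result means checking the vendor's status, not a confirmed vulnerable host.

```shell
#!/bin/sh
# Added example: classify a glibc version string against the range in this
# note (glibc-2.2 through glibc-2.17 affected, glibc-2.18 or later fixed).
# ghost_range_status is a hypothetical helper name, not a glibc tool.

# Prints "in-range", "not-in-range" or "unknown" for inputs such as
# "glibc 2.17", "2.2.5" or "2.17-55.el7" (constructed sample formats).
ghost_range_status() {
    ver=${1#glibc }      # strip the label printed by getconf
    ver=${ver%%-*}       # strip a packaging suffix such as -55.el7
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    # No dot, or an empty component: not a major.minor version string.
    if [ "$rest" = "$ver" ] || [ -z "$major" ] || [ -z "$minor" ]; then
        echo unknown
        return 0
    fi
    # Reject anything that is not purely numeric.
    case "$major$minor" in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]; then
        echo in-range        # confirm against the vendor's patch status
    else
        echo not-in-range
    fi
}

# Classify the running host; systems without glibc report nothing here.
host_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null) || host_ver=""
echo "host glibc: ${host_ver:-not reported} -> $(ghost_range_status "$host_ver")"
```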

Vendor Information

Some older, no longer supported versions of Linux distributions may contain an older version of glibc that is vulnerable. Please check with your vendor to find out if you need to upgrade to a newer operating system in order to address this issue.


CVSS Metrics

Group           Score   Vector
Base            10      AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        7.8     E:POC/RL:OF/RC:C
Environmental   5.9     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

Credit to Qualys for discovering the vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-0235
Date Public: 2015-01-28
Date First Published: 2015-01-28
Date Last Updated: 2015-10-22 13:00 UTC
Document Revision: 25

Sponsored by CISA.