Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871308
Category:Red Hat Local Security Checks
Title:RedHat Update for glibc RHSA-2015:0090-01
Summary:The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'glibc'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Affected Software/OS:
glibc on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-0235
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 72325
http://www.securityfocus.com/bid/72325
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search)
http://seclists.org/oss-sec/2015/q1/269
Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search)
http://seclists.org/oss-sec/2015/q1/274
Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search)
http://www.securityfocus.com/archive/1/534845/100/0/threaded
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
Debian Security Information: DSA-3142 (Google Search)
http://www.debian.org/security/2015/dsa-3142
http://seclists.org/fulldisclosure/2015/Jan/111
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2021/Sep/0
https://security.gentoo.org/glsa/201503-04
HPdes Security Advisory: HPSBGN03247
http://marc.info/?l=bugtraq&m=142296726407499&w=2
HPdes Security Advisory: HPSBGN03270
http://marc.info/?l=bugtraq&m=142781412222323&w=2
HPdes Security Advisory: HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
HPdes Security Advisory: HPSBHF03289
http://marc.info/?l=bugtraq&m=142721102728110&w=2
HPdes Security Advisory: HPSBMU03330
http://marc.info/?l=bugtraq&m=143145428124857&w=2
HPdes Security Advisory: SSRT101937
HPdes Security Advisory: SSRT101953
http://www.mandriva.com/security/advisories?name=MDVSA-2015:039
http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
http://www.openwall.com/lists/oss-security/2021/05/04/7
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://www.securitytracker.com/id/1032909
http://secunia.com/advisories/62517
http://secunia.com/advisories/62640
http://secunia.com/advisories/62667
http://secunia.com/advisories/62680
http://secunia.com/advisories/62681
http://secunia.com/advisories/62688
http://secunia.com/advisories/62690
http://secunia.com/advisories/62691
http://secunia.com/advisories/62692
http://secunia.com/advisories/62698
http://secunia.com/advisories/62715
http://secunia.com/advisories/62758
http://secunia.com/advisories/62812
http://secunia.com/advisories/62813
http://secunia.com/advisories/62816
http://secunia.com/advisories/62865
http://secunia.com/advisories/62870
http://secunia.com/advisories/62871
http://secunia.com/advisories/62879
http://secunia.com/advisories/62883
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.