CERTVU:967332GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Overview
The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name “GHOST”.
Description
According to Qualys, the vulnerability is “a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions” and furthermore, “arbitrary code execution can be achieved” by use of the buffer overflow.
All versions of glibc from glibc-2.2 (released 2010-11-10) until glibc-2.17 are vulnerable. The vulnerability was patched on 2013-05-21, prior to the release of glibc-2.18.
For more details, please see the full Qualys Security Advisory.
Impact
The __nss_hostname_digits_dots() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.
Solution
Apply an update
Affected users may apply a patch or update to glibc-2.18`` or later. The Vendor Status information below provides more information on updates.
Vendor Information
Some older, no longer supported versions of linux distributions may contain an older version of glibc that is vulnerable. Please check with your vendor to find out if you need to upgrade to a newer operating system in order to address this issue.
967332
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Arch Linux __ Affected
Notified: January 28, 2015 Updated: January 30, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
“Arch Linux is not vulnerable. [Arch Linux is] on a modern version of glibc so [Arch Linux] should have been safe for 18+ months.”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
If using an edition of Arch Linux older than about 18 months, you may wish to check with the vendor to find out if you need to upgrade.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23967332 Feedback>).
Blue Coat Systems Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Cisco Systems, Inc. Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Citrix Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Debian GNU/Linux Affected
Notified: January 28, 2015 Updated: January 28, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
F5 Networks, Inc. Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Gentoo Linux __ Affected
Notified: January 28, 2015 Updated: January 30, 2015
Statement Date: January 29, 2015
Status
Affected
Vendor Statement
"Our most recent glibc packages are not affected; we’ll be issuing an
advisory anyway to inform users who may still have older versions installed."
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Juniper Networks, Inc. Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
NEC Corporation __ Affected
Updated: October 22, 2015
Status
Affected
Vendor Statement
“We provide information on this issue at the following URL: <<http://jpn.nec.com/security-info/secinfo/nv15-007.html>> (only in Japanese).”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
NetApp Affected
Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Openwall GNU/*/Linux __ Affected
Notified: January 28, 2015 Updated: January 30, 2015
Statement Date: January 29, 2015
Status
Affected
Vendor Statement
“Openwall GNU/*/Linux (Owl) was affected, although there's no known attack vector that would expose the glibc bug as a vulnerability in an install of Owl with no third-party software. We have released glibc updates for Owl 3.1-stable and Owl-current on 2015/01/28.”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Red Hat, Inc. Affected
Notified: January 28, 2015 Updated: January 30, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- <https://access.redhat.com/security/cve/CVE-2015-0235>
- <https://rhn.redhat.com/errata/RHSA-2015-0099.html>
SUSE Linux __ Affected
Notified: January 28, 2015 Updated: January 28, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
"`SUSE Linux Enterprise 11 and older are affected by the problem. We released
updates
for all supported and affected codestreams.
SUSE Linux Enterprise 12 is not affected by this problem.`"
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- <http://support.novell.com/security/cve/CVE-2015-0235.html>
- <http://lists.suse.com/pipermail/sle-security-updates/2015-January/001186.html>
Slackware Linux Inc. Affected
Notified: January 28, 2015 Updated: January 28, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
Ubuntu __ Affected
Notified: January 28, 2015 Updated: January 28, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
“Ubuntu 10.04 LTS (lucid) and Ubuntu 12.04 LTS (precise) were affected; Ubuntu 14.04 LTS and newer releases were not, as they included versions of the GNU C Library that already contained the upstream fix.”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- <http://www.ubuntu.com/usn/usn-2485-1/>
- <https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GHOST>
openSUSE project __ Affected
Notified: January 28, 2015 Updated: January 30, 2015
Statement Date: January 28, 2015
Status
Affected
Vendor Statement
“openSUSE 13.1 and 13.2 are not affected by the problem.”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
- <http://support.novell.com/security/cve/CVE-2015-0235.html>
- <http://lists.suse.com/pipermail/sle-security-updates/2015-January/001186.html>
Addendum
Older versions of openSUSE may be affected. Check with the vendor to see if you require an upgrade.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23967332 Feedback>).
Contiki OS __ Not Affected
Notified: January 28, 2015 Updated: January 28, 2015
Statement Date: January 28, 2015
Status
Not Affected
Vendor Statement
“Contiki OS does not use the GNU libc resolver functions so is not affected by this.”
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CentOS Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Cray Inc. Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Fedora Project Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Hewlett-Packard Company Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IBM Corporation (zseries) Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
IBM eServer Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Mandriva S. A. Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Oracle Corporation Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
Turbolinux Unknown
Notified: January 28, 2015 Updated: January 28, 2015
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor References
View all 26 vendors __View less vendors __
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 7.8 | E:POC/RL:OF/RC:C |
| Environmental | 5.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt>
- <http://www.openwall.com/lists/oss-security/2015/01/27/9>
Acknowledgements
Credit to Qualys for discovering the vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2015-0235 |
|---|---|
| Date Public: | 2015-01-28 Date First Published: |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%