1. 21
    CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow linux security marc.info
    CVE-2015-0235: heap overflow in gethostbyname() linux security bugzilla.redhat.com tcrayford avatar via tcrayford 3 years ago
    Heap overflow in gethostbyname() allows remote code execution security translate.google.com kb avatar via kb 3 years ago
    jcs avatar via jcs 3 years ago | cached | 4 comments

  1.  

  2. 7
    jcs avatar jcs 3 years ago | link

    In this section, we describe how we achieve remote code execution against the Exim SMTP mail server, bypassing the NX (No-eXecute) protection and glibc’s malloc hardening.

    Ah, fun times.

    1. 3
      blake avatar blake 3 years ago | link

      getaddrinfo() migrations - if you haven’t started yet, today is the day

      1. 2
        tedu avatar tedu 3 years ago | link

        (Entirely reasonable advice.)

        Note that the broken function isn’t gethostbyname itself, and in fact getaddrinfo will even call the same function but with slightly different preconditions. I think it’s closer to “luck” than “skill” that getaddrinfo slides by here.

      2. 2
        puffnfresh avatar puffnfresh 3 years ago | link

        I was worried until the mitigating factors part:

        A patch already exists (since May 21, 2013), and has been applied and tested since glibc-2.18, released on August 12, 2013