oss-sec mailing list archives
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Tue, 27 Jan 2015 09:20:21 -0800
Nice work - thanks for the thoroughly investigated and detailed advisory. Given the constraints, I'm assuming that Exim was the only obviously remotely exploitable case that you were able to identify? I'd imagine that you investigated OpenSSH, Apache, other SMTP agents, etc? Would you be willing to publish the list of the reviewed implementations to reduce the amount of repeated work? /mz
Current thread:
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)