oss-sec mailing list archives

R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

From: linkbc02 <linkbc02 () outlook com>
Date: Fri, 30 Jan 2015 11:54:49 +0100

|If you try upgrading glibc and the issue goes away, _that_ would be a
|reason to suspect relevance. 

Hi, already done


# rpm -q glibc 
glibc-2.12-1.132.el6_5.2.x86_64
glibc-2.12-1.132.el6_5.2.i686

# yum update glibc


# rpm -q glibc    
glibc-2.12-1.149.el6_6.5.x86_64
glibc-2.12-1.149.el6_6.5.i686



# /etc/init.d/dovecot restart


# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready.
1 login
00000000000000000000000000000000000000000000000000000000000000000000000000-c
utted-


BAD Error in IMAP command received by server.

* BAD Error in IMAP command received by server.


#dmesg doesn't show anymore segfault and core dump

Current thread:

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- - - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
    - R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
    - Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
    - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)