oss-sec mailing list archives

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)


From: Qualys Security Advisory <qsa () qualys com>
Date: Tue, 27 Jan 2015 18:36:26 -0800

On Tue, Jan 27, 2015 at 05:47:47PM -0800, endrazine wrote:
> From GHOST.c :
> ...
>   char name[10];
>   memset(name, '0', len);
>   name[len] = '\0';
> ...

Interesting!  But where did you possibly get that code?  Every copy of
our advisory includes the original proof-of-concept, which is quite
different from what you are showing here:

...
  char name[sizeof(temp.buffer)];
...

References:

http://www.openwall.com/lists/oss-security/2015/01/27/9
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

And just in case:

$ md5sum GHOST.c
aa8dbce88e54027dbd4723ccd142f717  GHOST.c

With best regards,

-- 
the Qualys Security Advisory team

