oss-sec mailing list archives
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
From: Stephane Chazelas <stephane.chazelas () gmail com>
Date: Wed, 28 Jan 2015 10:42:52 +0000
2015-01-27 11:54:10 -0800, Michal Zalewski:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.Cool, thanks!
[...] What about clients? AFAICT from the output of: sudo stap -e 'probe process("/lib/x86_64-linux-gnu/libc.so.6").function("__gethostbyname_r"), process("/lib/x86_64-linux-gnu/libc.so.6").function("gethostbyname"), process("/lib/x86_64-linux-gnu/libc.so.6").function("gethostbyname2"), process("/lib/x86_64-linux-gnu/libc.so.6").function("__gethostbyname2_r"), process("/lib/x86_64-linux-gnu/libc.so.6").function("__new_gethostbyname2_r") { printf("[%s][%d]->%s(%s)\n", execname(), pid(), pp(), $name$)}' All of google-chrome, firefox, thunderbird call at least one of those with network supplied data. Things like spam filters and antivirus are likely at risk (thinking of network IDSes and other spam filtering/proxy appliances). DHCP clients? Fancy wireless auth? Cheers, Stephane
Current thread:
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)