oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

From: Stephane Chazelas <stephane.chazelas () gmail com>
Date: Wed, 28 Jan 2015 10:42:52 +0000
2015-01-27 11:54:10 -0800, Michal Zalewski:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
vsftpd, xinetd.


Cool, thanks!

[...]

What about clients? AFAICT from the output of:

sudo stap -e 'probe
  process("/lib/x86_64-linux-gnu/libc.so.6").function("__gethostbyname_r"),
  process("/lib/x86_64-linux-gnu/libc.so.6").function("gethostbyname"),
  process("/lib/x86_64-linux-gnu/libc.so.6").function("gethostbyname2"),
  process("/lib/x86_64-linux-gnu/libc.so.6").function("__gethostbyname2_r"),
  process("/lib/x86_64-linux-gnu/libc.so.6").function("__new_gethostbyname2_r")
  { printf("[%s][%d]->%s(%s)\n", execname(), pid(), pp(), $name$)}'

All of google-chrome, firefox, thunderbird call at least one of
those with network supplied data.

Things like spam filters and antivirus are likely at risk
(thinking of network IDSes and other spam filtering/proxy appliances).

DHCP clients? Fancy wireless auth?

Cheers, 
Stephane
Previous By Date Next
Previous By Thread Next

Current thread: