oss-sec mailing list archives

Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

From: Qualys Security Advisory <qsa () qualys com>
Date: Thu, 29 Jan 2015 08:48:49 -0800

Dear All,

We were asked off-list whether HAProxy is vulnerable to GHOST or not,
and thought others might be interested in the answer as well.  The short
version is:  HAProxy is NOT vulnerable to GHOST.

The slightly longer version is:  we are looking for gethostbyname()
calls whose hostname argument can be controlled by an attacker.  There
are indeed a few calls to gethostbyname() in HAProxy, but their hostname
arguments all depend on the configuration file, in the end, so they are
safe (side note: there is getaddrinfo() support too, but it seems to be
turned on for Solaris only, by default).

Hope this is useful.  With best regards,

-- 
the Qualys Security Advisory team

Current thread:

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
  - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas (Jan 28)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries (Jan 27)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske (Jan 28)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 29)
    - Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer (Jan 29)