oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

From: Solar Designer <solar () openwall com>
Date: Fri, 30 Jan 2015 13:25:02 +0300
On Fri, Jan 30, 2015 at 11:09:01AM +0100, linkbc02 wrote:

Sorry Alexander, I quoted the wrong one.
I can confirm, Dovecot, at least, got crashed, I asked also Timo S. that is
digging about it.
Screenshot
http://goo.gl/JwhWIf


The screenshot shows you entering lots of 0's when talking the IMAP
protocol.  It does not necessarily indicate any relevance to GHOST.

If you try upgrading glibc and the issue goes away, _that_ would be a
reason to suspect relevance.  OTOH, if the issue persists even with
GHOST-patched glibc, that would be a reason to think it's an unrelated
issue (which most likely it is).  Can you perform this test maybe?
Don't forget to restart Dovecot after the glibc upgrade.

As to use of the mailing list, I'd prefer no screenshots, pastebins,
etc. in here.  Instead, post the information in plain text form right in
here.  And here are some guidelines on better quoting:

http://www.complang.tuwien.ac.at/anton/mail-news-errors.html
http://www.netmeister.org/news/learn2quote.html

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: