oss-sec mailing list archives
Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Ammar Brohi <brohiammar () gmail com>
Date: Sat, 31 Jan 2015 16:11:21 +0500
I wonder how to detect this vulnerability? Any remote or local script to run? Thanks, On Fri, Jan 30, 2015 at 3:54 PM, linkbc02 <linkbc02 () outlook com> wrote:
|If you try upgrading glibc and the issue goes away, _that_ would be a |reason to suspect relevance. Hi, already done # rpm -q glibc glibc-2.12-1.132.el6_5.2.x86_64 glibc-2.12-1.132.el6_5.2.i686 # yum update glibc # rpm -q glibc glibc-2.12-1.149.el6_6.5.x86_64 glibc-2.12-1.149.el6_6.5.i686 # /etc/init.d/dovecot restart # telnet localhost 143 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready. 1 login 00000000000000000000000000000000000000000000000000000000000000000000000000-c utted- BAD Error in IMAP command received by server. * BAD Error in IMAP command received by server. #dmesg doesn't show anymore segfault and core dump
Current thread:
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)