|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2015-01-28 00:19:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Highly critical “Ghost” allowing code execution affects most Linux systems (Ars Technica)
Ars Technica has a report on GHOST, which is a critical vulnerability found in the GNU C library (glibc).
"The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections." While the proof-of-concept used Exim, a wide variety of client and server programs call gethostbyname*(), often at the behest of a remote system (or attacker). Distributions have started putting out updates; users and administrators should plan on updating as soon as possible.
Ars Technica has a report on GHOST, which is a critical vulnerability found in the GNU C library (glibc).
"The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections." While the proof-of-concept used Exim, a wide variety of client and server programs call gethostbyname*(), often at the behest of a remote system (or attacker). Distributions have started putting out updates; users and administrators should plan on updating as soon as possible.
