|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2015-01-28 00:36:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems (Threat Post)
Threat Post takes
a look at a critical vulnerability in glibc. "The issue stems
from a heap-based buffer overflow found in the __nss_hostname_digits_dots()
function in glibc. That particular function is used by the _gethostbyname
function calls. “A remote attacker able to make an application call either
of these functions could use this flaw to execute arbitrary code with the
permissions of the user running the application,” said an advisory
from Linux distributor Red Hat." The vulnerability has been
assigned CVE-2015-0235.
Threat Post takes
a look at a critical vulnerability in glibc. "The issue stems
from a heap-based buffer overflow found in the __nss_hostname_digits_dots()
function in glibc. That particular function is used by the _gethostbyname
function calls. “A remote attacker able to make an application call either
of these functions could use this flaw to execute arbitrary code with the
permissions of the user running the application,” said an advisory
from Linux distributor Red Hat." The vulnerability has been
assigned CVE-2015-0235.
