10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Robert Krátký reports:
GHOST is a 'buffer overflow' bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This
vulnerability allows a remote attacker that is able to make an
application call to either of these functions to execute arbitrary
code with the permissions of the user running the application.
The gethostbyname() function calls are used for DNS resolving, which
is a very common event. To exploit this vulnerability, an attacker
must trigger a buffer overflow by supplying an invalid hostname
argument to an application that performs a DNS resolution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | linux_base-c6 | < 6.6_2 | UNKNOWN |
FreeBSD | any | noarch | linux_base-f10 | = 0 | UNKNOWN |
FreeBSD | any | noarch | linux-c6-devtools | < 6.6_3 | UNKNOWN |
FreeBSD | any | noarch | linux-f10-devtools | = 0 | UNKNOWN |