IBM19014976708B59CA6D0D38BD53FC83A65A328CD06A0D3047C00AD7FB2745CD32

HistoryJun 16, 2018 - 9:22 p.m.

Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235)

2018-06-1621:22:14

www.ibm.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

GNU C library (glibc) vulnerability that has been referred to as GHOST affects IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (ISAM ESSO VA)

Vulnerability Details

CVEID:CVE-2015-0235

**DESCRIPTION:**glibc is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the __nss_hostname_digits_dots() function. By sending an invalid hostname argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100386_ _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance 8.2.0

Remediation/Fixes

Product Versions

| Fix Availability
—|—
ISAM ESSO VA 8.2.0| 8.2.0-ISS-SAMESSO-VA-IF0002

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security access manager for enterprise single sign-oneq8.2

CPE	Name	Operator	Version
	ibm security access manager for enterprise single sign-on	eq	8.2

checkpoint_security 1

lenovo 2

nessus 53

ibm 32

zdt 4

packetstorm 6

thn 3

redhat 5

securityvulns 4

osv 2

debiancve 1

prion 1

amazon 3

openvas 30

ubuntucve 1

freebsd 2

threatpost 2

checkpoint_advisories 1

ics 2

centos 2

slackware 1

metasploit 2

attackerkb 1

f5 2

altlinux 2

cert 1

debian 2

exploitpack 2

cisa 1

oraclelinux 5

seebug 1

citrix 1

suse 3

paloalto 1

ubuntu 1

cve 1

cloudfoundry 1

veracode 1

fortinet 1

arista 1

huawei 1

cisco 1

vulnerlab 2

exploitdb 2

fedora 2

archlinux 2

gentoo 1

checkpoint_security

Check Point Response to CVE-2015-0235 (glibc - GHOST)

2015-01-26 22:00:00

lenovo

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow (

2016-07-22 00:00:00

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")

2016-07-22 00:00:00

nessus

Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)

2015-03-02 00:00:00

Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)

2017-12-04 00:00:00

Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)

2015-01-28 00:00:00

ibm

Security Bulletin: GNU C library (glibc) vulnerability affects Tivoli Storage Productivity Center (CVE-2015-0235)

2022-02-22 19:50:07

Security Bulletin: GNU C library (glibc) vulnerability affects IBM WebSphere Cast Iron Solution (CVE-2015-0235)

2018-06-15 07:02:34

Security Bulletin: GNU C library (glibc) vulnerability affects the Intel MPSS for use on the Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A and Intel Xeon Phi 7120P PCI-Express add-in cards sold by IBM/Lenovo

2019-01-31 01:45:01

zdt

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

2015-03-19 00:00:00

Exim ESMTP GHOST Denial Of Service Exploit

2015-01-29 00:00:00

Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability

2022-06-21 00:00:00

packetstorm

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-24 00:00:00

Exim ESMTP GHOST Denial Of Service

2015-01-29 00:00:00

Qualys Security Advisory - glibc gethostbyname Buffer Overflow

2015-01-27 00:00:00

thn

Critical GHOST vulnerability affects most Linux Systems

2015-01-27 21:17:00

GHOST glibc Vulnerability Affects WordPress and PHP applications

2015-01-29 23:53:00

Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately)

2016-02-16 21:27:00

redhat

(RHSA-2015:0090) Critical: glibc security update

2015-01-27 00:00:00

(RHSA-2015:0099) Critical: glibc security update

2015-01-28 00:00:00

(RHSA-2015:0092) Critical: glibc security update

2015-01-27 00:00:00

securityvulns

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow

2015-02-02 00:00:00

GNU glibc gethostbyname functions buffer overflow

2015-02-02 00:00:00

ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities

2015-03-16 00:00:00

osv

eglibc - security update

2015-01-28 00:00:00

eglibc - security update

2015-01-27 00:00:00

debiancve

CVE-2015-0235

2015-01-28 19:59:00

prion

Heap overflow

2015-01-28 19:59:00

amazon

Critical: glibc

2015-01-27 11:41:00

Critical: php54

2015-03-13 10:00:00

Critical: php55

2015-03-23 08:29:00

openvas

CentOS Update for glibc CESA-2015:0092 centos7

2015-01-28 00:00:00

openSUSE: Security Advisory for glibc (openSUSE-SU-2015:0184-1)

2015-02-03 00:00:00

Debian: Security Advisory (DLA-139-1)

2023-03-08 00:00:00

ubuntucve

CVE-2015-0235

2015-01-27 00:00:00

freebsd

glibc -- gethostbyname buffer overflow

2015-01-27 00:00:00

php5 -- multiple vulnerabilities

2015-02-18 00:00:00

threatpost

Ghost glibc Vulnerability Patching and Exploits

2015-01-28 13:28:29

GHOST glibc Linux Remote Code Execution Vulnerability

2015-01-27 12:55:29

checkpoint_advisories

GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)

2015-01-28 00:00:00

ics

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability

2018-09-10 12:00:00

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability (Update A)

2018-08-27 12:00:00

centos

glibc, nscd security update

2015-01-27 23:31:01

glibc, nscd security update

2015-01-27 22:59:55

slackware

[slackware-security] glibc

2015-01-28 20:35:21

metasploit

Exim GHOST (glibc gethostbyname) Buffer Overflow

2015-03-18 23:51:16

WordPress XMLRPC GHOST Vulnerability Scanner

2015-01-30 14:29:51

attackerkb

Heap overflow in glibc 2.2 name resolution (CVE-2015-0235)

2015-01-28 00:00:00

K16057 : GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

2015-10-09 00:00:00

SOL16057 - GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

2015-01-27 00:00:00

altlinux

Security fix for the ALT Linux 6 package glibc version 6:2.11.3-alt8.M60P.2

2015-01-28 00:00:00

Security fix for the ALT Linux 5 package glibc version 6:2.11.2-alt1.M51.2

2015-01-28 00:00:00

cert

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

2015-01-28 00:00:00

debian

[SECURITY] [DLA 139-1] eglibc security update

2015-01-28 10:25:42

[SECURITY] [DSA 3142-1] eglibc security update

2015-01-27 15:39:01

exploitpack

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

2015-01-29 00:00:00

Exim - GHOST glibc gethostbyname Buffer Overflow (Metasploit)

2015-03-18 00:00:00

cisa

Linux "Ghost" Remote Code Execution Vulnerability

2015-01-27 00:00:00

oraclelinux

glibc security update

2015-01-29 00:00:00

glibc security update

2015-01-27 00:00:00

glibc security update

2015-08-17 00:00:00

seebug

Linux glibc 缓冲区溢出 (幽灵(Ghost))

2015-07-02 00:00:00

citrix

CVE-2015-0235 - Citrix Security Advisory for glibc GHOST Vulnerability

2015-01-28 04:00:00

suse

Security update for glibc (critical)

2015-02-02 09:04:48

Security update for glibc (critical)

2015-01-28 03:04:56

glibc (critical)

2015-01-28 19:04:53

paloalto

GHOST: glibc vulnerability

2015-02-02 08:00:00

ubuntu

GNU C Library vulnerability

2015-01-27 00:00:00

cve

CVE-2015-0235

2015-01-28 19:59:00

cloudfoundry

CVE-2015-0235 - GHOST | Cloud Foundry

2015-01-28 00:00:00

veracode

Arbitrary Code Execution

2019-01-15 09:04:16

fortinet

CVE-2015-0235 "GHOST" vulnerability

2015-01-28 00:00:00

arista

Security Advisory 0009

2015-01-28 00:00:00

huawei

Security Advisory - Glibc Buffer Overflow Vulnerability

2015-02-26 00:00:00

cisco

GNU glibc gethostbyname Function Buffer Overflow Vulnerability

2015-01-28 22:30:00

vulnerlab

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure

2015-01-30 00:00:00

exploitdb

Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)

2015-03-18 00:00:00

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

2015-01-29 00:00:00

fedora

[SECURITY] Fedora 21 Update: php-5.6.6-1.fc21

2015-02-23 23:28:40

[SECURITY] Fedora 20 Update: php-5.5.22-1.fc20

2015-03-04 10:24:35

archlinux

jasper: arbitrary code execution

2015-01-27 00:00:00

flashplugin: multiple issues

2015-01-23 00:00:00

gentoo

GNU C Library: Multiple vulnerabilities

2015-03-08 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

Security Bulletin: GNU C library (glibc) vulnerability is fixed in IBM Security Access Manager for Enterprise Single Sign-On Virtual Appliance (CVE-2015-0235)

Summary

Vulnerability Details

Affected Products and Versions

Remediation/Fixes

Workarounds and Mitigations

Related