GHOST vulnerability affects a large number of Linux operating systems and their distributions: update and repair plan - Vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201558520
Type myhack58
Reporter Anonymous
Modified 2015-01-29T00:00:00


Security researchers recently disclosed a serious security vulnerability named GHOST. It may allow a remote attacker to gain the highest level of control over the operating system, and it affects a large number of Linux operating systems and their distributions on the market. The vulnerability's CVE number is CVE-2015-0235.

What is glibc

glibc is the libc library released by GNU, that is, the C run-time library. It is the lowest-level API on a Linux system, and almost every other run-time library depends on it. In addition to wrapping the system services that the Linux operating system provides, glibc also implements many other necessary functions and services. glibc covers almost all prevailing UNIX standards.

Vulnerability overview

Researchers at the code audit company Qualys found a buffer overflow vulnerability in the __nss_hostname_digits_dots() function of the glibc library. The bug can be triggered locally or remotely through the gethostbyname*() functions.

Applications mainly use the gethostbyname*() functions to initiate DNS requests; these functions convert a host name to an IP address.

Scope of impact

The vulnerability affects Linux operating systems with glibc library versions 2.2-2.17.

Operating system types include:

CentOS 6 & 7
Debian 7
Red Hat Enterprise Linux 6 & 7
Ubuntu 10.04 & 12.04
Each Linux distribution
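Added example (not part of the original advisory and not glibc code): a small C check that compares a glibc version string, by default the one the program is running against, with the 2.2-2.17 range given above. The function names are hypothetical, and the version string only narrows the question, because vendors may ship the fix inside an unchanged upstream version number.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version(), glibc only */
#endif

/* Parse "major.minor[suffix]" (e.g. "2.17", "2.2.5", "2.12-1.el6").
 * Returns 0 on success, -1 if the string is not a version number. */
static int parse_major_minor(const char *ver, long *major, long *minor)
{
    char *end;

    if (ver == NULL || *ver < '0' || *ver > '9')
        return -1;
    *major = strtol(ver, &end, 10);
    if (*end != '.' || end[1] < '0' || end[1] > '9')
        return -1;
    *minor = strtol(end + 1, &end, 10);
    /* Only a patch level (".5") or package release ("-1") may follow. */
    if (*end != '\0' && *end != '.' && *end != '-')
        return -1;
    return 0;
}

/* 1 = inside the advisory's 2.2-2.17 range, 0 = outside, -1 = unparseable. */
int ghost_version_in_range(const char *ver)
{
    long major, minor;

    if (parse_major_minor(ver, &major, &minor) != 0)
        return -1;
    return (major == 2 && minor >= 2 && minor <= 17) ? 1 : 0;
}

int main(int argc, char **argv)
{
#ifdef __GLIBC__
    const char *ver = argc > 1 ? argv[1] : gnu_get_libc_version();
#else
    const char *ver = argc > 1 ? argv[1] : "";   /* not linked against glibc */
#endif
    int r = ghost_version_in_range(ver);

    printf("glibc \"%s\": %s\n", ver,
           r == 1 ? "inside 2.2-2.17, confirm the vendor package carries the fix"
         : r == 0 ? "outside 2.2-2.17"
                  : "version string not recognised");
    return r == 1 ? 1 : 0;
}
```

Services that were started before a glibc update keep the old library mapped until they are restarted, so run the check again after restarting them.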
