Lucene search

[email protected]NVD:CVE-2015-0235

HistoryJan 28, 2015 - 7:59 p.m.

CVE-2015-0235

2015-01-2819:59:00

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.”

Affected configurations

Nvd

Node

gnuglibcRange2.0–2.18

Node

oraclecommunications_application_session_controllerRange<3.7.1

oraclecommunications_eagle_application_processorMatch16.0

oraclecommunications_eagle_lnp_application_processorMatch10.0

oraclecommunications_lsmsMatch13.1

oraclecommunications_policy_managementMatch9.7.3

oraclecommunications_policy_managementMatch9.9.1

oraclecommunications_policy_managementMatch10.4.1

oraclecommunications_policy_managementMatch11.5

oraclecommunications_policy_managementMatch12.1.1

oraclecommunications_session_border_controllerRange<7.2.0

oraclecommunications_session_border_controllerMatch7.2.0-

oraclecommunications_session_border_controllerMatch8.0.0

oraclecommunications_user_data_repositoryRange10.0.0–10.0.1

oraclecommunications_webrtc_session_controllerMatch7.0

oraclecommunications_webrtc_session_controllerMatch7.1

oraclecommunications_webrtc_session_controllerMatch7.2

oracleexalogic_infrastructureMatch1.0

oracleexalogic_infrastructureMatch2.0

oraclevm_virtualboxRange<5.1.24

oraclelinuxMatch5-

oraclelinuxMatch70

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

redhatvirtualizationMatch6.0

Node

applemac_os_xRange<10.11.1

Node

ibmpureapplication_systemMatch1.0.0.0

ibmpureapplication_systemMatch1.1.0.0

ibmpureapplication_systemMatch2.0.0.0

ibmsecurity_access_manager_for_enterprise_single_sign-onMatch8.2

Node

phpphpRange5.4.0–5.4.38

phpphpRange5.5.0–5.5.22

phpphpRange5.6.0–5.6.6

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
oraclecommunications_application_session_controller*cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*
oraclecommunications_eagle_application_processor16.0cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*
oraclecommunications_eagle_lnp_application_processor10.0cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*
oraclecommunications_lsms13.1cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*
oraclecommunications_policy_management9.7.3cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*
oraclecommunications_policy_management9.9.1cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*
oraclecommunications_policy_management10.4.1cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*
oraclecommunications_policy_management11.5cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*
oraclecommunications_policy_management12.1.1cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
oracle	communications_application_session_controller	*	cpe:2.3:a:oracle:communications_application_session_controller::::::::
oracle	communications_eagle_application_processor	16.0	cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:::::::*
oracle	communications_eagle_lnp_application_processor	10.0	cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:::::::*
oracle	communications_lsms	13.1	cpe:2.3:a:oracle:communications_lsms:13.1:::::::*
oracle	communications_policy_management	9.7.3	cpe:2.3:a:oracle:communications_policy_management:9.7.3:::::::*
oracle	communications_policy_management	9.9.1	cpe:2.3:a:oracle:communications_policy_management:9.9.1:::::::*
oracle	communications_policy_management	10.4.1	cpe:2.3:a:oracle:communications_policy_management:10.4.1:::::::*
oracle	communications_policy_management	11.5	cpe:2.3:a:oracle:communications_policy_management:11.5:::::::*
oracle	communications_policy_management	12.1.1	cpe:2.3:a:oracle:communications_policy_management:12.1.1:::::::*

Rows per page:

1-10 of 311

References

blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/

linux.oracle.com/errata/ELSA-2015-0090.html

linux.oracle.com/errata/ELSA-2015-0092.html

lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

marc.info/?l=bugtraq&m=142296726407499&w=2

marc.info/?l=bugtraq&m=142721102728110&w=2

marc.info/?l=bugtraq&m=142722450701342&w=2

marc.info/?l=bugtraq&m=142781412222323&w=2

marc.info/?l=bugtraq&m=143145428124857&w=2

packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html

packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html

packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html

packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

rhn.redhat.com/errata/RHSA-2015-0126.html

seclists.org/fulldisclosure/2015/Jan/111

seclists.org/fulldisclosure/2019/Jun/18

seclists.org/fulldisclosure/2021/Sep/0

seclists.org/fulldisclosure/2022/Jun/36

seclists.org/oss-sec/2015/q1/269

seclists.org/oss-sec/2015/q1/274

secunia.com/advisories/62517

secunia.com/advisories/62640

secunia.com/advisories/62667

secunia.com/advisories/62680

secunia.com/advisories/62681

secunia.com/advisories/62688

secunia.com/advisories/62690

secunia.com/advisories/62691

secunia.com/advisories/62692

secunia.com/advisories/62698

secunia.com/advisories/62715

secunia.com/advisories/62758

secunia.com/advisories/62812

secunia.com/advisories/62813

secunia.com/advisories/62816

secunia.com/advisories/62865

secunia.com/advisories/62870

secunia.com/advisories/62871

secunia.com/advisories/62879

secunia.com/advisories/62883

support.apple.com/kb/HT204942

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

www-01.ibm.com/support/docview.wss?uid=swg21695695

www-01.ibm.com/support/docview.wss?uid=swg21695774

www-01.ibm.com/support/docview.wss?uid=swg21695835

www-01.ibm.com/support/docview.wss?uid=swg21695860

www-01.ibm.com/support/docview.wss?uid=swg21696131

www-01.ibm.com/support/docview.wss?uid=swg21696243

www-01.ibm.com/support/docview.wss?uid=swg21696526

www-01.ibm.com/support/docview.wss?uid=swg21696600

www-01.ibm.com/support/docview.wss?uid=swg21696602

www-01.ibm.com/support/docview.wss?uid=swg21696618

www.debian.org/security/2015/dsa-3142

www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf

www.mandriva.com/security/advisories?name=MDVSA-2015:039

www.openwall.com/lists/oss-security/2021/05/04/7

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

www.securityfocus.com/archive/1/534845/100/0/threaded

www.securityfocus.com/bid/72325

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1032909

www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

bto.bluecoat.com/security-advisory/sa90

cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf

community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668

help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

kb.juniper.net/InfoCenter/index?page=content&id=JSA10671

kc.mcafee.com/corporate/index?page=content&id=SB10100

seclists.org/bugtraq/2019/Jun/14

security.gentoo.org/glsa/201503-04

security.netapp.com/advisory/ntap-20150127-0001/

support.apple.com/HT205267

support.apple.com/HT205375

www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9

www.f-secure.com/en/web/labs_global/fsc-2015-1

www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

www.sophos.com/en-us/support/knowledgebase/121879.aspx

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON

CVE-2015-0235

Affected configurations

References

Related