ID CVE-2015-0235
Summary Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:communications_applications:13.1
  • cpe:2.3:a:oracle:oracle_pillar_axiom:6.1
  • cpe:2.3:a:oracle:oracle_pillar_axiom:6.2
  • cpe:2.3:a:oracle:oracle_pillar_axiom:6.3
  • GNU glibc 2.0
    cpe:2.3:a:gnu:glibc:2.0
  • GNU glibc 2.0.1
    cpe:2.3:a:gnu:glibc:2.0.1
  • GNU glibc 2.0.2
    cpe:2.3:a:gnu:glibc:2.0.2
  • GNU glibc 2.0.3
    cpe:2.3:a:gnu:glibc:2.0.3
  • GNU glibc 2.0.4
    cpe:2.3:a:gnu:glibc:2.0.4
  • GNU glibc 2.0.5
    cpe:2.3:a:gnu:glibc:2.0.5
  • GNU glibc 2.0.6
    cpe:2.3:a:gnu:glibc:2.0.6
  • GNU glibc 2.1
    cpe:2.3:a:gnu:glibc:2.1
  • GNU glibc 2.1.1
    cpe:2.3:a:gnu:glibc:2.1.1
  • GNU glibc 2.1.1.6
    cpe:2.3:a:gnu:glibc:2.1.1.6
  • GNU glibc 2.1.2
    cpe:2.3:a:gnu:glibc:2.1.2
  • GNU glibc 2.1.3
    cpe:2.3:a:gnu:glibc:2.1.3
  • GNU glibc 2.1.9
    cpe:2.3:a:gnu:glibc:2.1.9
  • GNU glibc 2.2
    cpe:2.3:a:gnu:glibc:2.2
  • GNU glibc 2.2.1
    cpe:2.3:a:gnu:glibc:2.2.1
  • GNU glibc 2.2.2
    cpe:2.3:a:gnu:glibc:2.2.2
  • GNU glibc 2.2.3
    cpe:2.3:a:gnu:glibc:2.2.3
  • GNU glibc 2.2.4
    cpe:2.3:a:gnu:glibc:2.2.4
  • GNU glibc 2.2.5
    cpe:2.3:a:gnu:glibc:2.2.5
  • GNU glibc 2.10.1
    cpe:2.3:a:gnu:glibc:2.10.1
  • GNU glibc 2.11
    cpe:2.3:a:gnu:glibc:2.11
  • GNU glibc 2.11.1
    cpe:2.3:a:gnu:glibc:2.11.1
  • GNU glibc 2.11.2
    cpe:2.3:a:gnu:glibc:2.11.2
  • GNU glibc 2.11.3
    cpe:2.3:a:gnu:glibc:2.11.3
  • GNU glibc 2.12
    cpe:2.3:a:gnu:glibc:2.12
  • GNU glibc 2.12.1
    cpe:2.3:a:gnu:glibc:2.12.1
  • GNU glibc 2.12.2
    cpe:2.3:a:gnu:glibc:2.12.2
  • GNU glibc 2.13
    cpe:2.3:a:gnu:glibc:2.13
  • GNU glibc 2.14
    cpe:2.3:a:gnu:glibc:2.14
  • GNU glibc 2.14.1
    cpe:2.3:a:gnu:glibc:2.14.1
  • GNU glibc 2.15
    cpe:2.3:a:gnu:glibc:2.15
  • GNU glibc 2.16
    cpe:2.3:a:gnu:glibc:2.16
  • GNU glibc 2.17
    cpe:2.3:a:gnu:glibc:2.17
CVSS
Base: 10.0 (as of 01-06-2016 - 16:17)
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a location like an MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out-of-bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
  • description Exim GHOST (glibc gethostbyname) Buffer Overflow. CVE-2015-0235. Remote exploit for linux platform
    id EDB-ID:36421
    last seen 2016-02-04
    modified 2015-03-18
    published 2015-03-18
    reporter Qualys Corporation
    source https://www.exploit-db.com/download/36421/
    title Exim GHOST glibc gethostbyname Buffer Overflow
  • description Exim ESMTP 4.80 glibc gethostbyname - Denial of Service. CVE-2015-0235. DoS exploit for linux platform
    id EDB-ID:35951
    last seen 2016-02-04
    modified 2015-01-29
    published 2015-01-29
    reporter 1n3
    source https://www.exploit-db.com/download/35951/
    title Exim ESMTP 4.80 glibc gethostbyname - Denial of Service
metasploit via4
nessus via4
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-493.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) A use-after-free vulnerability was reported in PHP DateTimeZone. (CVE-2015-0273)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 81829
    published 2015-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81829
    title Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2016-05-20
    plugin id 81689
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81689
    title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-84.NASL
    description This update for glibc fixes the following security issue : CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that could lead to a local or remote buffer overflow. (bsc#913646)
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 81136
    published 2015-02-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81136
    title openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150127_GLIBC_ON_SL6_X.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 81038
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81038
    title Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64 (GHOST)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2015-028-01.NASL
    description New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.
    last seen 2017-10-29
    modified 2016-05-19
    plugin id 81075
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81075
    title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL
    description Robert Kratky reports : GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application. The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.
    last seen 2017-10-29
    modified 2016-05-26
    plugin id 81062
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81062
    title FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150127_GLIBC_ON_SL5_X.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 81037
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81037
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (GHOST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0101.NASL
    description From Red Hat Security Advisory 2015:0101 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-21
    modified 2018-07-18
    plugin id 81099
    published 2015-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81099
    title Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0013.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update fix for CVE-2015-7547 (#1296028). - Create helper threads with enough stack for POSIX AIO and timers (#1301625). - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028). - Support loading more libraries with static TLS (#1291270). - Check for NULL arena pointer in _int_pvalloc (#1256890). - Don't change no_dyn_threshold on mallopt failure (#1256891). - Unlock main arena after allocation in calloc (#1256812). - Enable robust malloc change again (#1256812). - Fix perturbing in malloc on free and simply perturb_byte (#1256812). - Don't fall back to mmap prematurely (#1256812). - The malloc deadlock avoidance support has been temporarily removed since it triggers deadlocks in certain applications (#1244002). - Fix ruserok check to reject, not skip, negative user checks (#1217186). - Optimize ruserok function for large ~/.rhosts (#1217186). - Fix crash in valloc due to the backtrace deadlock fix (#1207236). - Fix buffer overflow in gethostbyname_r with misaligned buffer (#1209376, CVE-2015-1781). - Avoid deadlock in malloc on backtrace (#1066724). - Support running applications that use Intel AVX-512 (#1195453). - Silence logging of record type mismatch for DNSSEC records (#1088301). - Shrink heap on free when vm.overcommit_memory == 2 (#867679). - Enhance nscd to detect any configuration file changes (#859965). - Fix __times handling of EFAULT when buf is NULL (#1124204). - Fix memory leak with dlopen and thread-local storage variables (#978098). - Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423, - Implement userspace half of in6.h header coordination (#1053178). - Correctly size relocation cache used by profiler (#1144132). - Fix reuse of cached stack leading to bounds overrun of DTV (#1116050). - Return failure in getnetgrent only when all netgroups have been searched (#1085312). - Fix valgrind warning in nscd_stats (#1091915). - Initialize xports array (#1159167). - Fix tst-default-attr test to not fail on powerpc (#1023306). - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534). - Fix typo in nscd/selinux.c (#1125307). - Actually run test-iconv modules (#1176907). - Fix recursive dlopen (#1154563). - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1172044). - Fix wordexp to honour WRDE_NOCMD (CVE-2014-7817, #1171296). - Fix typo in res_send and res_query (#rh1138769).
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 88783
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88783
    title OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0101.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81104
    published 2015-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81104
    title RHEL 4 : glibc (RHSA-2015:0101) (GHOST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GLIBC-9035.NASL
    description This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow. (bsc#913646). (CVE-2015-0235)
    last seen 2018-08-02
    modified 2018-08-01
    plugin id 81125
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81125
    title SuSE 10 Security Update : glibc (ZYPP Patch Number 9035)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2485-1.NASL
    description It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-08-05
    modified 2018-08-03
    plugin id 81042
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81042
    title Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-494.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. (CVE-2015-0273)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 82043
    published 2015-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82043
    title Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11_1.NASL
    description The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 86654
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86654
    title Mac OS X < 10.11.1 Multiple Vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL
    description The PHP Project reports : Use after free vulnerability in unserialize() with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow.
    last seen 2017-10-29
    modified 2015-10-22
    plugin id 81559
    published 2015-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81559
    title FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST)
  • NASL family Firewalls
    NASL id CHECK_POINT_GAIA_SK104443.NASL
    description The remote host is running a version of Gaia OS which is affected by a heap buffer overflow vulnerability in glibc which could potentially allow an attacker to execute arbitrary code in the context of the user running the affected application.
    last seen 2017-12-05
    modified 2017-12-05
    plugin id 104998
    published 2017-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104998
    title Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)
  • NASL family CISCO
    NASL id CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL
    description The remote Cisco device is running a version of Cisco IOS XE software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that this issue only affects those IOS XE instances that are running as a 'Nova' device, and thus, if the remote IOS XE instance is not running as a 'Nova' device, consider this a false positive.
    last seen 2018-08-10
    modified 2018-08-09
    plugin id 81595
    published 2015-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81595
    title Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0092.NASL
    description From Red Hat Security Advisory 2015:0092 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-21
    modified 2018-07-18
    plugin id 81031
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81031
    title Oracle Linux 6 / 7 : glibc (ELSA-2015-0092) (GHOST)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-473.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call to either of these functions can use this flaw to execute arbitrary code with the permissions of the user running the application. Special notes : Because of the exceptional nature of this security event, we have backfilled our 2014.03 and 2013.09 Amazon Linux AMI repositories with new glibc packages that fix CVE-2015-0235. For 2014.09 Amazon Linux AMIs, 'glibc-2.17-55.93.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update. For Amazon Linux AMIs 'locked' to the 2014.03 repositories, the same 'glibc-2.17-55.93.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update. For Amazon Linux AMIs 'locked' to the 2013.09 repositories, 'glibc-2.12-1.149.49.amzn1' addresses the CVE. Running 'yum clean all' followed by 'yum update glibc' will install the fixed package, and you should reboot your instance after installing the update. For Amazon Linux AMIs 'locked' to the 2013.03, 2012.09, 2012.03, or 2011.09 repositories, run 'yum clean all' followed by 'yum --releasever=2013.09 update glibc' to install the updated glibc package. You should reboot your instance after installing the update. If you are using a pre-2011.09 Amazon Linux AMI, then you are using a version of the Amazon Linux AMI that was part of our public beta, and we encourage you to move to a newer version of the Amazon Linux AMI as soon as possible.
    last seen 2018-06-29
    modified 2018-06-27
    plugin id 81024
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81024
    title Amazon Linux AMI : glibc (ALAS-2015-473)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_11.NASL
    description The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 86270
    published 2015-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86270
    title Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)
  • NASL family Misc.
    NASL id XEROX_XRX15R.NASL
    description According to its model number and software version, the remote Xerox WorkCentre 77XX device is affected by multiple vulnerabilities : - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability is known as GHOST. (CVE-2015-0235)
    last seen 2018-08-10
    modified 2018-08-07
    plugin id 87327
    published 2015-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87327
    title Xerox WorkCentre 77XX Multiple Vulnerabilities (XRX15R) (FREAK) (GHOST)
  • NASL family CISCO
    NASL id CISCO-SA-20150128-GHOST-NXOS.NASL
    description The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability known as GHOST. A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-10
    modified 2018-07-09
    plugin id 92412
    published 2016-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92412
    title Cisco NX-OS GNU C Library (glibc) Buffer Overflow (GHOST)
  • NASL family CISCO
    NASL id CISCO_CUCM_CSCUS66650-GHOST.NASL
    description According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 81546
    published 2015-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81546
    title Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16057.NASL
    description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker may be able to use this flaw to execute arbitrary code. (CVE-2015-0235) Impact: A remote attacker may be able to execute arbitrary code.
    last seen 2018-07-12
    modified 2018-07-10
    plugin id 86009
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86009
    title F5 Networks BIG-IP : GHOST: glibc gethostbyname buffer overflow vulnerability (K16057) (GHOST)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3142.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library : - CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions. The original glibc bug was reported by Peter Klotz. - CVE-2014-7817 Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the wordexp function did not suppress command execution in all cases. This allows a context-dependent attacker to execute shell commands. - CVE-2012-6656 CVE-2014-6040 The charset conversion code for certain IBM multi-byte code pages could perform an out-of-bounds array access, causing the process to crash. In some scenarios, this allows a remote attacker to cause a persistent denial of service.
    last seen 2018-07-10
    modified 2018-07-09
    plugin id 81029
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81029
    title Debian DSA-3142-1 : eglibc - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0099.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81068
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81068
    title RHEL 5 / 6 : glibc (RHSA-2015:0099) (GHOST)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0092.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-03
    modified 2018-07-02
    plugin id 81026
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81026
    title CentOS 6 / 7 : glibc (CESA-2015:0092) (GHOST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0126.NASL
    description An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511) A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646) Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue, Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced Threat Research team at Intel Security for reporting the CVE-2014-3645 and CVE-2014-3646 issues. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81200
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81200
    title RHEL 6 : rhev-hypervisor6 (RHSA-2015:0126) (GHOST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0092.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81034
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81034
    title RHEL 6 / 7 : glibc (RHSA-2015:0092) (GHOST)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0022.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81103
    published 2015-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81103
    title OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)
  • NASL family CGI abuses
    NASL id PHP_5_6_6.NASL
    description According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273) - An XML External Entity (XXE) flaw exists in the PHP-FPM component due to improper parsing of XML data. A remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service. (CVE-2015-8866) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81512
    published 2015-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81512
    title PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0090.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-30
    modified 2018-07-26
    plugin id 81033
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81033
    title RHEL 5 : glibc (RHSA-2015:0090) (GHOST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0090.NASL
    description From Red Hat Security Advisory 2015:0090 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-21
    modified 2018-07-18
    plugin id 81044
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81044
    title Oracle Linux 5 : glibc (ELSA-2015-0090) (GHOST)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-039.NASL
    description A vulnerability has been discovered and corrected in glibc : Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka GHOST. (CVE-2015-0235) The updated packages have been patched to correct this issue.
    last seen 2018-08-02
    modified 2018-07-19
    plugin id 81280
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81280
    title Mandriva Linux Security Advisory : glibc (MDVSA-2015:039)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0024.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizes to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Syncs seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale (#657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000)
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81119
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81119
    title OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-150122.NASL
    description This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow. (bsc#913646). (CVE-2015-0235)
    last seen 2018-08-01
    modified 2018-07-31
    plugin id 81039
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81039
    title SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-139.NASL
    description A vulnerability has been fixed in eglibc, Debian's version of the GNU C library : CVE-2015-0235 Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions. The original glibc bug was reported by Peter Klotz. We recommend that you upgrade your eglibc packages. The other three CVEs fixed in Debian wheezy via DSA 3142-1 have already been fixed in squeeze LTS via DLA 97-1. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 82122
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82122
    title Debian DLA-139-1 : eglibc security update (GHOST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-007.NASL
    description The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework - apache_mod_php - ATS - Audio - CFNetwork - CoreGraphics - CoreText - EFI - FontParser - Grand Central Dispatch - ImageIO - IOAcceleratorFamily - Kernel - libarchive - MCX Application Restrictions - OpenGL Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 86829
    published 2015-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86829
    title Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2015-005.NASL
    description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 84489
    published 2015-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84489
    title Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)
  • NASL family CISCO
    NASL id CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL
    description According to its self-reported version number, the Cisco TelePresence Conductor remote device is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 81407
    published 2015-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81407
    title Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)
  • NASL family CISCO
    NASL id CISCO-SA-20150128-ACE.NASL
    description The Cisco Application Control Engine (ACE) software installed on the remote Cisco IOS device is version A2(3.6d) or A5(3.1b). It is, therefore, affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 81423
    published 2015-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81423
    title Cisco Application Control Engine GNU glibc gethostbyname Function Buffer Overflow Vulnerability (cisco-sa-20150128-ghost) (GHOST)
  • NASL family CISCO
    NASL id CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL
    description According to its self-reported version number, the Cisco TelePresence Video Communication Server is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 81408
    published 2015-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81408
    title Cisco TelePresence Video Communication Server GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)
  • NASL family CGI abuses
    NASL id PHP_5_5_22.NASL
    description According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273) - An XML External Entity (XXE) flaw exists in the PHP-FPM component due to improper parsing of XML data. A remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information or cause a denial of service. (CVE-2015-8866) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81511
    published 2015-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81511
    title PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0090.NASL
    description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2018-07-03
    modified 2018-07-02
    plugin id 81025
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81025
    title CentOS 5 : glibc (CESA-2015:0090) (GHOST)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizes to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale (#657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000) - Correct test for detecting cycle during topo sort (#729661) - Check values from TZ file header (#767688) - Complete the numeric settings fix (#675259) - Complete the change for error codes from pthread_create (#707998) - Truncate time values in Linux futimes when falling back to utime (#758252) - Update systemtaparches - Add rules to build libresolv with SSP flags (#756453) - Fix PLT reference - Workaround misconfigured system (#702300) - Update systemtaparches - Correct cycle detection during dependency sorting (#729661) - Add gdb hooks (#711924) - Fix alloca accounting in strxfm and strcoll (#585433) - Correct cycle detection during dependency sorting (#729661) - ldd: never run file directly (#531160) - Implement greedy matching of weekday and month names (#657570) - Fix incorrect numeric settings (#675259) - Implement new mode for NIS passwd.adjunct.byname table (#678318) - Query NIS domain only when needed (#703345) - Count total processors using sysfs (#706894) - Translate clone error if necessary (#707998) - Workaround kernel clobbering robust list (#711531) - Use correct type when casting d_tag (#599056, CVE-2010-0830) - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089) - Don't underestimate length of DST substitution (#694655) - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011) - Initialize resolver state in nscd (#676039) - No cancel signal in unsafe places (#684808) - Check size of pattern in wide character representation in fnmatch (#681054) - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536) - Fix handling of newline in addmntent (#559579, CVE-2010-0296) - Don't ignore $ORIGIN in libraries (#670988) - Fix false assertion (#604796) - Fix ordering of DSO constructors and destructors (#604796) - Fix typo (#531576) - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956) - Require suid bit on audit objects in privileged programs (#645678, CVE-2010-3856) - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847) - Add timestamps to nscd logs (#527558) - Fix index wraparound handling in memusage (#531576) - Handle running out of buffer space with IPv6 mapping enabled (#533367) - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813) - Avoid alloca in setenv for long strings (#559974) - Recognize POWER7 and ISA 2.06 (#563563) - Add support for AT_BASE_PLATFORM (#563599) - Restore locking in free_check (#585674) - Fix lookup of collation sequence value during regexp matching (#587360) - Fix POWER6 memcpy/memset (#579011) - Fix scope handling during dl_close (#593675) - Enable -fasynchronous-unwind-tables throughout (#593047) - Fix crash when aio thread creation fails (#566712)
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81118
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81118
    title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL family Palo Alto Local Security Checks
    NASL id PALO_ALTO_PAN-SA-2015-0002.NASL
    description The remote host is running a version of Palo Alto Networks PAN-OS equal to or prior to 5.0.15 / 6.0.8 / 6.1.2. It is, therefore, affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81167
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81167
    title Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)
  • NASL family Misc.
    NASL id XEROX_XRX15AD_COLORQUBE.NASL
    description According to its model number and software version, the remote Xerox ColorQube device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability is known as GHOST. (CVE-2015-0235)
    last seen 2018-08-10
    modified 2018-08-07
    plugin id 87322
    published 2015-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87322
    title Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)
  • NASL family CISCO
    NASL id CISCO_CUPS_CSCUS69785.NASL
    description According to its self-reported version, the Cisco Unified Communications Manager IM and Presence Server Service is affected by a heap-based buffer overflow condition in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
    last seen 2018-07-07
    modified 2018-07-06
    plugin id 85449
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85449
    title Cisco Unified Communications Manager IM and Presence GNU C Library (glibc) Buffer Overflow (CSCus69785) (GHOST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_4.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-07-15
    modified 2018-07-14
    plugin id 84488
    published 2015-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84488
    title Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)
  • NASL family CGI abuses
    NASL id PHP_5_4_38.NASL
    description According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-07-30
    modified 2018-07-24
    plugin id 81510
    published 2015-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81510
    title PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
  • NASL family CISCO
    NASL id CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL
    description The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that this issue only affects Cisco Network Convergence System 6000 Series routers.
    last seen 2018-08-10
    modified 2018-08-09
    plugin id 81596
    published 2015-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81596
    title Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)
  • NASL family CISCO
    NASL id CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL
    description The remote Cisco device is running a version of Cisco IOS XE software that is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that only the following devices are listed as affected : - Cisco ASR 1000 Series Aggregation Services Routers - Cisco ASR 920 Series Aggregation Services Routers - Cisco ASR 900 Series Aggregation Services Routers - Cisco 4400 Series Integrated Services Routers - Cisco 4300 Series Integrated Services Routers - Cisco Cloud Services Router 1000V Series
    last seen 2018-08-10
    modified 2018-08-09
    plugin id 81594
    published 2015-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81594
    title Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)
packetstorm via4
redhat via4
advisories
  • bugzilla
    id 1183461
    title CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment glibc is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090002
        • comment glibc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787003
      • AND
        • comment glibc-common is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090006
        • comment glibc-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787009
      • AND
        • comment glibc-devel is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090010
        • comment glibc-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787007
      • AND
        • comment glibc-headers is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090008
        • comment glibc-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787013
      • AND
        • comment glibc-utils is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090004
        • comment glibc-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787005
      • AND
        • comment nscd is earlier than 0:2.5-123.el5_11.1
          oval oval:com.redhat.rhsa:tst:20150090012
        • comment nscd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787011
    rhsa
    id RHSA-2015:0090
    released 2015-01-27
    severity Critical
    title RHSA-2015:0090: glibc security update (Critical)
  • bugzilla
    id 1183461
    title CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhsa:tst:20140675001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhsa:tst:20140675002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20140675003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20140675004
      • OR
        • AND
          • comment glibc is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092005
          • comment glibc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872006
        • AND
          • comment glibc-common is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092007
          • comment glibc-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872012
        • AND
          • comment glibc-devel is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092009
          • comment glibc-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872018
        • AND
          • comment glibc-headers is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092011
          • comment glibc-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872010
        • AND
          • comment glibc-static is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092013
          • comment glibc-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872008
        • AND
          • comment glibc-utils is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092015
          • comment glibc-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872014
        • AND
          • comment nscd is earlier than 0:2.17-55.el7_0.5
            oval oval:com.redhat.rhsa:tst:20150092017
          • comment nscd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872016
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment glibc is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092023
          • comment glibc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872006
        • AND
          • comment glibc-common is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092029
          • comment glibc-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872012
        • AND
          • comment glibc-devel is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092025
          • comment glibc-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872018
        • AND
          • comment glibc-headers is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092024
          • comment glibc-headers is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872010
        • AND
          • comment glibc-static is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092028
          • comment glibc-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872008
        • AND
          • comment glibc-utils is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092027
          • comment glibc-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872014
        • AND
          • comment nscd is earlier than 0:2.12-1.149.el6_6.5
            oval oval:com.redhat.rhsa:tst:20150092026
          • comment nscd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2015:0092
    released 2015-01-27
    severity Critical
    title RHSA-2015:0092: glibc security update (Critical)
  • rhsa
    id RHSA-2015:0126
rpms
  • glibc-0:2.5-123.el5_11.1
  • glibc-common-0:2.5-123.el5_11.1
  • glibc-devel-0:2.5-123.el5_11.1
  • glibc-headers-0:2.5-123.el5_11.1
  • glibc-utils-0:2.5-123.el5_11.1
  • nscd-0:2.5-123.el5_11.1
  • glibc-0:2.17-55.el7_0.5
  • glibc-common-0:2.17-55.el7_0.5
  • glibc-devel-0:2.17-55.el7_0.5
  • glibc-headers-0:2.17-55.el7_0.5
  • glibc-static-0:2.17-55.el7_0.5
  • glibc-utils-0:2.17-55.el7_0.5
  • nscd-0:2.17-55.el7_0.5
  • glibc-0:2.12-1.149.el6_6.5
  • glibc-common-0:2.12-1.149.el6_6.5
  • glibc-devel-0:2.12-1.149.el6_6.5
  • glibc-headers-0:2.12-1.149.el6_6.5
  • glibc-static-0:2.12-1.149.el6_6.5
  • glibc-utils-0:2.12-1.149.el6_6.5
  • nscd-0:2.12-1.149.el6_6.5
refmap via4
apple
  • APPLE-SA-2015-06-30-2
  • APPLE-SA-2015-09-30-3
  • APPLE-SA-2015-10-21-4
bid
  • 72325
  • 91787
bugtraq
  • 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
  • 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
  • 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
cisco 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
confirm
debian DSA-3142
fulldisc 20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
gentoo GLSA-201503-04
hp
  • HPSBGN03247
  • HPSBGN03270
  • HPSBGN03285
  • HPSBHF03289
  • HPSBMU03330
  • SSRT101937
  • SSRT101953
mandriva MDVSA-2015:039
misc
sectrack 1032909
secunia
  • 62517
  • 62640
  • 62667
  • 62680
  • 62681
  • 62688
  • 62690
  • 62691
  • 62692
  • 62698
  • 62715
  • 62758
  • 62812
  • 62813
  • 62816
  • 62865
  • 62870
  • 62871
  • 62879
  • 62883
the hacker news via4
vulner lab via4
id VULNERLAB:1430
last seen 2018-07-12
modified 2015-01-30
published 2015-01-30
reporter Rajivarnan R. [Security Researcher] - Akati Consulting Pvt Ltd
source http://www.vulnerability-lab.com/get_content.php?id=1430
title Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure
Last major update 02-01-2017 - 21:59
Published 28-01-2015 - 14:59
Last modified 09-11-2017 - 21:29