GHOST Vulnerability: CVE-2015-0235

 

ghost2

Background Information:

Last January 27, 2015, cloud security provider Qualys announced a vulnerability in all versions of the GNU C library (glibc).

 

Details:

According to RedHat’s CVE Database:

A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

More