{"vuid":"VU#967332","idnumber":"967332","name":"GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow","keywords":["glibc","buffer overflow","GHOST","ghost","CVE-2015-0235"],"overview":"The __nss_hostname_digits_dots() function of the GNU C Library (glibc) allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name \"GHOST\".","clean_desc":"According to Qualys, the vulnerability is \"a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions\" and furthermore, \"arbitrary code execution can be achieved\" by use of the buffer overflow. All versions of glibc from glibc-2.2 (released 2010-11-10) until glibc-2.17 are vulnerable. The vulnerability was patched on 2013-05-21, prior to the release of glibc-2.18. For more details, please see the full Qualys Security Advisory.","impact":"The __nss_hostname_digits_dots() function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.","resolution":"Apply an update Affected users may apply a patch or update to glibc-2.18 or later. The Vendor Status information below provides more information on updates.","workarounds":"","sysaffected":"Some older, no longer supported versions of linux distribut","thanks":"Credit to Qualys for discovering the vulnerability.","author":"This document was written by Garret Wassermann.","public":["https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt","http://www.openwall.com/lists/oss-security/2015/01/27/9"],"cveids":["CVE-2015-0235"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-01-28T12:57:13Z","publicdate":"2015-01-28T00:00:00Z","datefirstpublished":"2015-01-28T23:39:11Z","dateupdated":"2015-10-22T13:00:46Z","revision":25,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.8","cvss_environmentalscore":"5.86926702432","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}