CVE-2015-0235
HIGH severity · CVSS 10 · Out-of-bounds write
10CVSS HIGH
Summary
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)85%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/Advisory
- http://linux.oracle.com/errata/ELSA-2015-0090.htmlAdvisory
- http://linux.oracle.com/errata/ELSA-2015-0092.htmlAdvisory
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlAdvisory
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.htmlAdvisory
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.htmlAdvisory
- http://marc.info/?l=bugtraq&m=142296726407499&w=2Advisory
- http://marc.info/?l=bugtraq&m=142721102728110&w=2Advisory