CVE-2015-0235: GHOST glibc vulnerability

CVE ID

CVE-2015-0235

DESCRIPTION

GHOST is a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. It allows a remote attacker who is able to make an application call either of these functions to execute arbitrary code with the permissions of the user running the application. (Published 01/27/2015)

Unitrends risk assessment: Severity High

Although the gethostbyname function is deprecated, it is likely that at least one of the running Linux services uses it. The updated glibc library RPMs should be installed.

RESOLUTION

Fixed in CentOS update repo versions:

  • glibc-2.5-123.el5_11.1 for CentOS5

  • glibc-2.12-1.149.el6_6.5 for CentOS6

To update to the new version of glibc with the fix, either run 'yum update glibc' from the command line, or perform an update from the UI (as of 01/29/2015).
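To confirm that a host is on a fixed build, the installed glibc version-release can be compared against the versions listed above. The script below is an added example, not Unitrends code; the function names `ver_lt` and `glibc_status` are illustrative, and the comparison is a simplified numeric field compare rather than rpm's own version algorithm.

```sh
#!/bin/sh
# Added example: classify a glibc VERSION-RELEASE string against the fixed
# builds listed in the RESOLUTION section of this article.

FIXED_EL5="2.5-123.el5_11.1"     # CentOS5 fixed build (from this article)
FIXED_EL6="2.12-1.149.el6_6.5"   # CentOS6 fixed build (from this article)

# ver_lt A B: exit 0 if A is strictly older than B.
# Assumption: comparing the numeric fields left to right is sufficient for
# these package strings; this is not a full rpmvercmp implementation.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (i > na) exit 0               # A has fewer fields: older
            if (i > nb) exit 1               # B has fewer fields: A is newer
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1                               # identical: not older
    }'
}

# glibc_status VERSION-RELEASE: print "vulnerable", "fixed" or "unknown".
# The glibc base version selects the platform: 2.5 is CentOS5, 2.12 is CentOS6.
glibc_status() {
    case "$1" in
        2.5-*)  fixed=$FIXED_EL5 ;;
        2.12-*) fixed=$FIXED_EL6 ;;
        *)      echo unknown; return 0 ;;
    esac
    if ver_lt "$1" "$fixed"; then echo vulnerable; else echo fixed; fi
}

if [ -n "${1:-}" ]; then
    # A version-release string was passed on the command line.
    echo "glibc $1: $(glibc_status "$1")"
elif command -v rpm >/dev/null 2>&1 && rpm -q glibc >/dev/null 2>&1; then
    # Query the local RPM database; multilib hosts may list glibc twice.
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | sort -u | while read -r vr; do
        echo "glibc $vr: $(glibc_status "$vr")"
    done
fi
```

Processes that were started before the update keep the old library loaded until they are restarted.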

LINK TO ADVISORIES
