[ALUG] GHOST GLIBC LIBRARY VULNERABILITY
Njikalia Mrema
njikalmrema at yahoo.com
Thu Jan 29 15:28:50 EAT 2015
Thank you
On Wed, Jan 28, 2015 at 12:50 PM, Kambey L. Kisambu via Linux <
linux at lists.habari.co.tz> wrote:
> Hello Linux/System Admins,
>
> If you running CentOS or RedHat based OS then kindly ASAP upgdate the
> glibc library as there is a glibc vulnerability as below:-
>
> View in a Web Browser[image: Red Hat]
> GHOST GLIBC LIBRARY VULNERABILITYLEARN MORE
>
> Red Hat Product Security is aware of a critical vulnerability in the glibc
> library. This vulnerability is commonly known as GHOST and has been assigned
> *CVE-2015-0235*.
>
> GHOST is a 'buffer overflow' bug affecting the gethostbyname() and
> gethostbyname2() function calls in the glibc library. This vulnerability
> allows a remote attacker to execute arbitrary code with the permissions of
> the user running the application.
>
> The gethostbyname() function calls are used for DNS resolving, which is a
> very common event. To exploit this vulnerability, an attacker must trigger
> a buffer overflow by supplying an invalid hostname argument to an
> application that then calls gethostbyname().
>
> *The easiest way to check vulnerability and/or confirm remediation is the
> Red Hat Access Lab: GHOST - gethostbyname Detector*
>
> For more information, please see this Red Hat Customer Portal *Knowledge
> Article*.
>
> If you have questions or concerns, please contact *Red Hat Technical
> Support*.
>
> --
>
> Kambey L. Kisambu
> ICT Officer - Systems Administration
> e-Government Agency, President's Office, Public Service Management
> Samora Avenue, Extelecom Building, 2nd Floor
> P.O.Box 4273
> Dar es Salaam
> Mobile: +25576(1)7688450
> Phone: +255222129868/74
> Email: kambey.lotoishe at ega.go.tz
> Personal Email: kambeylk at gmail.com
>
> Website: www.ega.go.tz
>
> “*You Are Never Old To Set Another Goal Or To Dream A New Dream”*
>
>
>
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
> http://www.habari.co.tz/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.habari.co.tz/pipermail/linux/attachments/20150129/f87b7a2a/attachment-0001.html>
More information about the Linux
mailing list