GHOST Vulnerability CVE-2015-0235

January 29, 2015

The GNU C Library (glibc) is used as the C library in GNU systems and most systems with the Linux kernel.

A heap-based buffer overflow exists in the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. The overflow is in the __nss_hostname_digits_dots() function of the GNU C Library (glibc) and is reachable both locally and remotely via the gethostbyname*() functions.

It is called the GHOST vulnerability as it can be triggered by the GetHOST functions.

The strcpy() in __nss_hostname_digits_dots() can write past the end of the buffer, causing a buffer overflow that could lead to arbitrary code execution. This vulnerability is patched.
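
The flaw class described above, shown as an added example (a simplified model, not glibc's source and not part of the original advisory): a size check that omits one field the code still writes, so the final copy of the hostname runs past the end of the buffer, beside a hardened store that derives the size from the layout. The struct layout, function names and sample hostname are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration: fixed fields, then the hostname copy. */
struct fixed_fields {
    unsigned char host_addr[16];
    char *h_addr_ptrs[2];
    char *h_alias_ptr;
};

/* Flawed size check: h_alias_ptr is written later but never counted. */
size_t size_checked_flawed(const char *name) {
    return sizeof(((struct fixed_fields *)0)->host_addr)
         + sizeof(((struct fixed_fields *)0)->h_addr_ptrs)
         + strlen(name) + 1;
}

/* Bytes the code really writes: every fixed field plus name and its NUL. */
size_t size_required(const char *name) {
    return sizeof(struct fixed_fields) + strlen(name) + 1;
}

/* Hardened store: size derived from the layout, bounded copy, no strcpy().
   Returns 0 on success, -1 if the caller's buffer is too small. */
int store_hostname(char *buf, size_t buflen, const char *name) {
    size_t n = strlen(name) + 1;
    if (buflen < sizeof(struct fixed_fields) ||
        buflen - sizeof(struct fixed_fields) < n)
        return -1;
    memset(buf, 0, sizeof(struct fixed_fields));
    memcpy(buf + sizeof(struct fixed_fields), name, n);
    return 0;
}

int main(void) {
    const char *name = "10.0.0.1";   /* constructed sample input */
    char buf[128];
    size_t flawed = size_checked_flawed(name);
    printf("flawed check accepts %zu bytes, %zu are written\n",
           flawed, size_required(name));
    printf("hardened store with %zu-byte buffer: %d\n",
           flawed, store_hostname(buf, flawed, name));
    return 0;
}
```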

Dell SonicWALL Threat Research Team has researched this vulnerability (CVE-2015-0235) and released the following signature to protect their customers.

  • IPS 6281:GNU Libc Heap Buffer Overflow