List: oss-security
Subject: Re: [oss-security] Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overfl
From: Solar Designer <solar () openwall ! com>
Date: 2015-01-29 23:52:24
Message-ID: 20150129235224.GA9204 () openwall ! com
On Tue, Jan 27, 2015 at 10:20:20AM -0800, Qualys Security Advisory wrote:
> Here is a list of potential targets that we investigated (they all call
> gethostbyname, one way or another), but to the best of our knowledge,
> the buffer overflow cannot be triggered in any of them:
>
> apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
> nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
> pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
> vsftpd, xinetd.
>
> That being said, we believe it would be interesting if other people
> could have a look, just in case we missed something.

That's an impressive list above, thanks!

To add on the topic and aggregate the relevant news in this thread:

Today there's some talk about GHOST possibly being exploitable via web
apps, and in particular via the pingback feature in WordPress:

http://threatpost.com/php-applications-wordpress-subject-to-ghost-glibc-vulnerability/110755

Alexander