[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From:       Solar Designer <solar () openwall ! com>
Date:       2015-01-30 10:25:02
Message-ID: 20150130102502.GA15118 () openwall ! com
[Download RAW message or body]

On Fri, Jan 30, 2015 at 11:09:01AM +0100, linkbc02 wrote:
> Sorry Alexander, I quoted the wrong one.
> I can confirm, Dovecot, at least, got crashed, I asked also Timo S. that is
> digging about it.
> Screenshot
> http://goo.gl/JwhWIf

The screenshot shows you entering lots of 0's when talking the IMAP
protocol.  It does not necessarily indicate any relevance to GHOST.

If you try upgrading glibc and the issue goes away, _that_ would be a
reason to suspect relevance.  OTOH, if the issue persists even with
GHOST-patched glibc, that would be a reason to think it's an unrelated
issue (which most likely it is).  Can you perform this test maybe?
Don't forget to restart Dovecot after the glibc upgrade.

As to use of the mailing list, I'd prefer no screenshots, pastebins,
etc. in here.  Instead, post the information in plain text form right in
here.  And here are some guidelines on better quoting:

http://www.complang.tuwien.ac.at/anton/mail-news-errors.html
http://www.netmeister.org/news/learn2quote.html

Alexander
[prev in list] [next in list] [prev in thread] [next in thread]