[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Ammar Brohi <brohiammar () gmail ! com>
Date: 2015-01-31 11:11:21
Message-ID: CA+Qk1jbSf=8bHoQdw+qT7vGkRh-ZAbs4v2TLhDySUAtKeo0oEg () mail ! gmail ! com
[Download RAW message or body]
I wonder how to detect this vulnerability? Any remote or local script to
run?
Thanks,
On Fri, Jan 30, 2015 at 3:54 PM, linkbc02 <linkbc02@outlook.com> wrote:
> |If you try upgrading glibc and the issue goes away, _that_ would be a
> |reason to suspect relevance.
>
> Hi, already done
>
>
> # rpm -q glibc
> glibc-2.12-1.132.el6_5.2.x86_64
> glibc-2.12-1.132.el6_5.2.i686
>
> # yum update glibc
>
>
> # rpm -q glibc
> glibc-2.12-1.149.el6_6.5.x86_64
> glibc-2.12-1.149.el6_6.5.i686
>
>
>
> # /etc/init.d/dovecot restart
>
>
> # telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
> STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready.
> 1 login
>
> 00000000000000000000000000000000000000000000000000000000000000000000000000-c
> utted-
>
>
> BAD Error in IMAP command received by server.
>
> * BAD Error in IMAP command received by server.
>
>
> #dmesg doesn't show anymore segfault and core dump
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic