CVE - CVE-2015-0235

CVE-ID
CVE-2015-0235	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) URL:http://seclists.org/oss-sec/2015/q1/269 BUGTRAQ:20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow URL:http://seclists.org/oss-sec/2015/q1/274 BUGTRAQ:20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 URL:http://www.securityfocus.com/archive/1/archive/1/534845/100/0/threaded FULLDISC:20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow URL:http://seclists.org/fulldisclosure/2015/Jan/111 MISC:https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability MISC:http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html MISC:http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html MISC:http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html MISC:https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt CONFIRM:http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/ CONFIRM:http://linux.oracle.com/errata/ELSA-2015-0090.html CONFIRM:http://linux.oracle.com/errata/ELSA-2015-0092.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21695835 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21695860 CONFIRM:https://bto.bluecoat.com/security-advisory/sa90 CONFIRM:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10100 CONFIRM:https://www.sophos.com/en-us/support/knowledgebase/121879.aspx CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696243 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696526 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696600 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696602 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696618 CONFIRM:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 CONFIRM:http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html CONFIRM:http://support.apple.com/kb/HT204942 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html CONFIRM:https://support.apple.com/HT205267 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html CONFIRM:https://support.apple.com/HT205375 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21695695 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21695774 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21696131 CONFIRM:https://www.f-secure.com/en/web/labs_global/fsc-2015-1 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:https://security.netapp.com/advisory/ntap-20150127-0001/ APPLE:APPLE-SA-2015-06-30-2 URL:http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html APPLE:APPLE-SA-2015-09-30-3 URL:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html APPLE:APPLE-SA-2015-10-21-4 URL:http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html CISCO:20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost DEBIAN:DSA-3142 URL:http://www.debian.org/security/2015/dsa-3142 GENTOO:GLSA-201503-04 URL:https://security.gentoo.org/glsa/201503-04 HP:HPSBHF03289 URL:http://marc.info/?l=bugtraq&m=142721102728110&w=2 HP:SSRT101953 URL:http://marc.info/?l=bugtraq&m=142721102728110&w=2 HP:HPSBGN03270 URL:http://marc.info/?l=bugtraq&m=142781412222323&w=2 HP:SSRT101937 URL:http://marc.info/?l=bugtraq&m=142781412222323&w=2 HP:HPSBGN03247 URL:http://marc.info/?l=bugtraq&m=142296726407499&w=2 HP:HPSBGN03285 URL:http://marc.info/?l=bugtraq&m=142722450701342&w=2 HP:HPSBMU03330 URL:http://marc.info/?l=bugtraq&m=143145428124857&w=2 MANDRIVA:MDVSA-2015:039 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 REDHAT:RHSA-2015:0126 URL:http://rhn.redhat.com/errata/RHSA-2015-0126.html BID:72325 URL:http://www.securityfocus.com/bid/72325 BID:91787 URL:http://www.securityfocus.com/bid/91787 SECTRACK:1032909 URL:http://www.securitytracker.com/id/1032909 SECUNIA:62517 URL:http://secunia.com/advisories/62517 SECUNIA:62640 URL:http://secunia.com/advisories/62640 SECUNIA:62667 URL:http://secunia.com/advisories/62667 SECUNIA:62680 URL:http://secunia.com/advisories/62680 SECUNIA:62681 URL:http://secunia.com/advisories/62681 SECUNIA:62688 URL:http://secunia.com/advisories/62688 SECUNIA:62690 URL:http://secunia.com/advisories/62690 SECUNIA:62691 URL:http://secunia.com/advisories/62691 SECUNIA:62692 URL:http://secunia.com/advisories/62692 SECUNIA:62698 URL:http://secunia.com/advisories/62698 SECUNIA:62715 URL:http://secunia.com/advisories/62715 SECUNIA:62865 URL:http://secunia.com/advisories/62865 SECUNIA:62870 URL:http://secunia.com/advisories/62870 SECUNIA:62871 URL:http://secunia.com/advisories/62871 SECUNIA:62879 URL:http://secunia.com/advisories/62879 SECUNIA:62883 URL:http://secunia.com/advisories/62883 SECUNIA:62758 URL:http://secunia.com/advisories/62758 SECUNIA:62812 URL:http://secunia.com/advisories/62812 SECUNIA:62813 URL:http://secunia.com/advisories/62813 SECUNIA:62816 URL:http://secunia.com/advisories/62816
Assigning CNA
N/A
Date Entry Created
20141118	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20141118)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org