computerhelp Aimoo Forum List | Ticket | Today | Member | Search | Who's On | Help | Sign In | |
computerhelp > Computer Questions > Linux Go to subcategory:
Author Content
D_Runner
  • Subscribe Thread
  • Rank:Diamond Member
  • Score:2669
  • Posts:2669
  • From:USA
  • Register:12/15/2008 12:30 AM

Date Posted:01/27/2015 9:42 PMCopy HTML

A vulnerability originally affecting Linux servers, in which a buffer overflow in the glibc library can potentially be used by a remote attacker to execute arbitrary code with the permissions of the currently running user, has been shown to also be a possible attack mode on client systems. No actual exploit code is "in the wild" as of yet. A patch has existed for two years, but many servers have not been patched. Stay abreast of your distro's updates and keep your repositories current even if you're not running a server, since any application that uses glibc could be potentially exposed through CVE-2015-0235 if your currently installed library does not contain the patch. Some distros have not updated the glibc in their systems or repositories, though this should be changing quickly.

Further information is available here:

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

DR
D_Runner Share to: Facebook Twitter MSN linkedin google yahoo #1
  • Rank:Diamond Member
  • Score:2669
  • Posts:2669
  • From:USA
  • Register:12/15/2008 12:30 AM

Re:CVE-2015-0235 (glibc buffer overflow)

Date Posted:01/28/2015 3:04 AMCopy HTML

Most currently available information on CVE-2015-0235 is easily accessible through links on the Debian Security Tracker:

https://security-tracker.debian.org/tracker/CVE-2015-0235

Please check your version on glibc/eglibc if you are running a server; not all distros are exposed to this potential exploit.

DR


Copyright © 2000- Aimoo Free Forum All rights reserved.