Title: CVE-2015-0235 (glibc buffer overflow)
D_Runner
Date Posted: 01/27/2015 9:42 PM

A vulnerability originally affecting Linux servers, in which a buffer overflow in the glibc library can potentially be used by a remote attacker to execute arbitrary code with the permissions of the currently running user, has been shown to also be a possible attack mode on client systems. No actual exploit code is "in the wild" as of yet. A patch has existed for two years, but many servers have not been patched. Stay abreast of your distro's updates and keep your repositories current even if you're not running a server, since any application that uses glibc could be potentially exposed through CVE-2015-0235 if your currently installed library does not contain the patch. Some distros have not updated the glibc in their systems or repositories, though this should be changing quickly.

Further information is available here: http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

DR

D_Runner (#1)
Re: CVE-2015-0235 (glibc buffer overflow)
Date Posted: 01/28/2015 3:04 AM

Most currently available information on CVE-2015-0235 is easily accessible through links on the Debian Security Tracker:
https://security-tracker.debian.org/tracker/CVE-2015-0235

Please check your version of glibc/eglibc if you are running a server; not all distros are exposed to this potential exploit.

DR