Problem: This knowledgebase article addresses an exploit entitled GHOST. Officially it is known as CVE-2015-0235. The GHOST name comes from GetHOSTByName. It causes a buffer overflow in calls to
gethostbyname and gethostbyname2 in operating environments
using glibc.
Analysis: Clearly buffer overflows of any kind cause trouble. This vulnerability
causes trouble in calls to gethostbyname and gethostbyname2.
Fortunately, NET+OS does not use or ship glibc and thus is not
vulnerable to the GHOST (CVE-2015-0235) exploit.
Solution: No action is required by the customer as NET+OS is not
vulnerable to CVE-2015-0235.
Citations:
GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235).
Copyright 2003 - 2013 Trustwave.
http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
GHOST: glibc vulnerability (CVE-2015-0235).
Copyright 2015 Red Hat Inc.
https://access.redhat.com/articles/1332213
Last updated:
Oct 21, 2024