[Security News] Vulnerability in the glibc library: CVE-2015-7547

On 18 February 2016 the Ghost flaw was back in the news: a new way to exploit it has been discovered.
The DNS resolver library that is part of glibc is vulnerable to a buffer overflow when the getaddrinfo() library function is used.
Software using this function is vulnerable if it queries domain names or DNS servers controlled by a third party, or if it is subject to a "man-in-the-middle" attack.

What does it allow?

It would be possible to execute code remotely on your system.
For more information you can consult the PoC produced by Google:
https://googleonlinesecurity.blogspot.fr/2016/02/CVE-2015-7547-glibc-get...

Since when has it existed?

All versions of glibc since 2.9 are affected, but you should update whatever your version. Prevention is better than cure.

How to fix it?

To fix this flaw, we recommend that you update your OS. Most vendors have made patches available in their packages.
If your Linux distribution has become obsolete, we recommend a fresh installation of an up-to-date version.
If you have a shared hosting service or a fully managed service, be aware that our teams have already done what is necessary.
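
Updating the package does not change processes that are already running: they keep the old library mapped until they are restarted. The script below is an added example, not part of the original article, that lists such processes on Linux; the function name and the `--scan` option are illustrative choices.

```shell
#!/bin/sh
# Added example: find processes that still map a pre-update glibc library.
# When a package update replaces a shared object, processes started earlier
# keep the old file mapped, and /proc/<pid>/maps marks it "(deleted)".

# Print "<pid> <name>" for each process with a replaced libc, libresolv or
# libnss_dns (the glibc objects involved in DNS lookups) still mapped.
# $1 = proc root, default /proc (a parameter so a constructed tree can be used).
stale_glibc_report() {
    proc_root="${1:-/proc}"
    pattern='/lib(c|resolv|nss_dns)(-[0-9.]+)?\.so[^ ]* \(deleted\)$'
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process exited or not permitted
        if grep -Eq "$pattern" "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Run as root with --scan to see every process; restart whatever is listed.
if [ "${1:-}" = "--scan" ]; then
    stale_glibc_report /proc
fi
```

An empty result after restarting services (or after a reboot) means no running process is still using the replaced library files.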

Other articles related to this vulnerability

http://dankaminsky.com/2016/02/20/skeleton/
http://dankaminsky.com/2016/02/21/ghost/
Debian: https://security-tracker.debian.org/tracker/CVE-2015-7547
CentOS/RedHat: https://access.redhat.com/articles/2161461
Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7547.html
Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1308943

