FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-0235

This CVE name corresponds to:

Entered	Topic
2015-02-26	php5 -- multiple vulnerabilities
2015-01-28	glibc -- gethostbyname buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2015-0235 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2015-0235
Phase	Assigned(20141118)

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

References

Source	Reference
BUGTRAQ	20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
BUGTRAQ	20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
BUGTRAQ	20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
FULLDISC	20150128 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
MISC	https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
MISC	http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
MISC	http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
MISC	http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
MISC	https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
CONFIRM	http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
CONFIRM	http://linux.oracle.com/errata/ELSA-2015-0090.html
CONFIRM	http://linux.oracle.com/errata/ELSA-2015-0092.html
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21695835
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21695860
CONFIRM	https://bto.bluecoat.com/security-advisory/sa90
CONFIRM	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
CONFIRM	https://kc.mcafee.com/corporate/index?page=content&id=SB10100
CONFIRM	https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21696243
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21696526
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21696600
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21696602
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21696618
CONFIRM	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CONFIRM	http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
CONFIRM	http://support.apple.com/kb/HT204942
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CONFIRM	https://support.apple.com/HT205267
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CONFIRM	https://support.apple.com/HT205375
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
CONFIRM	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
APPLE	APPLE-SA-2015-06-30-2
APPLE	APPLE-SA-2015-09-30-3
APPLE	APPLE-SA-2015-10-21-4
CISCO	20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
DEBIAN	DSA-3142
HP	HPSBHF03289
HP	SSRT101953
HP	HPSBGN03270
HP	SSRT101937
MANDRIVA	MDVSA-2015:039
REDHAT	RHSA-2015:0126
BID	72325
BID	91787
SECUNIA	62517
SECUNIA	62640
SECUNIA	62667
SECUNIA	62680
SECUNIA	62681
SECUNIA	62688
SECUNIA	62690
SECUNIA	62691
SECUNIA	62692
SECUNIA	62698
SECUNIA	62715
SECUNIA	62865
SECUNIA	62870
SECUNIA	62871
SECUNIA	62879
SECUNIA	62883