Jump to content

'Ghost' security flaw is as bad as Shellshock, allowing remote code execution

SIGSEGV
By SIGSEGV
in Tech News
 Share
Posted

http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/

Honestly, this is interesting... And pretty bad... I wonder who will exploit this bug on a major website maliciously first...

"My game vs my brains, who gets more fatal errors?" ~ Camper125Lv, GMC Jam #15

Link to post
Share on other sites
Posted

This sounds like a serious problem, hope it gets fixed soon. You have to wonder though, how much damage has been done before discovering this flaw (and to a lesser extent will be done). 

 

 

 

The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls.
(...)
The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×