#VU84832 Out-of-bounds write in Glibc - CVE-2015-0235


Vulnerability identifier: #VU84832

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-0235

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc. A remote attacker can execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Glibc: 2.2




Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

