[vpsFree.cz: community-list] [BUG] glibc

Petr Tesařík vps at tesarici.cz
Wed Jan 28 15:41:16 CET 2015


On Wed, 28 Jan 2015 14:03:03 +0100
Jirka Bourek <trekker.dk at abclinuxu.cz> wrote:

> Well, that is how they make their living, so the hype is of course in their interest.
> 
> On the other hand, if they managed to get a shell by sending the affected
> server a well-crafted mail, then maybe the hype does no harm (the question
> of course is what kind of server it was and how it was configured)

I don't know about that, but I do know this:

> Here is a list of potential targets that we investigated (they all
> call gethostbyname, one way or another), but to the best of our
> knowledge, the buffer overflow cannot be triggered in any of them:
>
> apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
> nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
> pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng,
> tcp_wrappers, vsftpd, xinetd.

Petr T

> Petr Tesařík wrote:
> > On Wed, 28 Jan 2015 10:21:15 +0100
> > Jirka Bourek <trekker.dk at abclinuxu.cz> wrote:
> >
> >> Apparently it has been "new" for almost two years... :-(
> >
> > Ah, GHOST... Yes, that is going to be discussed a lot now... Allow me
> > to quote a colleague:
> >
> >> Qualys apparently wants to have it a big issue, so they invented a code
> >> word "GHOST", made a youtube video etc etc.
> >>
> >> https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
> >
> > Mostly a lot of hype. :-/
> >
> > Petr T
> >
> >> Jiří Medvěd wrote:
> >>>
> >>> Hi,
> >>> a new bug has turned up in the glibc library, please update your VPSes :))
> >>>
> >>> Bug in glibc:
> >>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
> >>>
> >>> https://security-tracker.debian.org/tracker/CVE-2015-0235
> >>>
> >>>    Article:
> >>> http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
> >>>
> >>> Thanks, Medved
> >>>
> >>> _______________________________________________
> >>> Community-list mailing list
> >>> Community-list at lists.vpsfree.cz
> >>> http://lists.vpsfree.cz/listinfo/community-list
> >>>