[Beowulf] glibc gethostbyname() et al. security vulnerability - GHOST

Christopher Samuel samuel at unimelb.edu.au
Tue Jan 27 19:51:06 PST 2015

Hi folks,

Just in case you've not seen the latest remotely exploitable security
vulnerability that came out today - been in glibc since 2000:


# - Despite these limitations, arbitrary code execution can be achieved.
#  As a proof of concept, we developed a full-fledged remote exploit
#  against the Exim mail server, bypassing all existing protections
#  (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. We will
#  publish our exploit as a Metasploit module in the near future.

Updates are out for RHEL 5, 6 & 7 as well as Debian Wheezy.

Some more useful info from the discoverers about services they *suspect*
may not be vulnerable:


# Here is a list of potential targets that we investigated (they
# all call gethostbyname, one way or another), but to the best
# of our knowledge, the buffer overflow cannot be triggered in
# any of them:
# apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
# nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
# pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng,
# tcp_wrappers, vsftpd, xinetd.
# That being said, we believe it would be interesting if other
# people could have a look, just in case we missed something.

 Christopher Samuel        Senior Systems Administrator
 VLSCI - Victorian Life Sciences Computation Initiative
 Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
 http://www.vlsci.org.au/      http://twitter.com/vlsci
