Glibc GHOST Vulnerability # CVE-2015-0235

A very serious vulnerability has been found and patched in the GNU C Library called Glibc on 27th January 2015. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. An attacker can use this vulnerability to execute arbitrary code. You can test the bug using the following C code.

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define GHOST “another_bug_here”

struct {
char buff[1024];
char bughost[sizeof(GHOST)];
} xx = { “buff”, GHOST };

int main(void) {
struct hostent buffer;
struct hostent *value;
int herrno;
int val;

size_t len = sizeof(xx.buff) – 16*sizeof(unsigned char) – 2*sizeof(char *) – 1;
char buff_name[sizeof(xx.buff)];
memset(buff_name, ‘0’, len);
buff_name[len] = ‘\0’;

val = gethostbyname_r(buff_name, &buffer, xx.buff, sizeof(xx.buff), &value, &herrno);

if (strcmp(xx.bughost, GHOST) != 0) {
if (val == ERANGE) {
puts(“not vulnerable”);

Compile and run and you’ll come to know whether your kernel has been patched or not. To fix the vulnerability run following commands as root.

sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade

Optionally you can also run sudo apt-get dist-upgrade to upgrade your kernel afterwards.

Jay KumarGlibc GHOST Vulnerability # CVE-2015-0235