CVE-2015-0235 - Out-of-bounds Write vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description: Exim ESMTP 4.80 glibc gethostbyname - Denial of Service. CVE-2015-0235. Dos exploit for linux platform
id: EDB-ID:35951
last seen: 2016-02-04
modified: 2015-01-29
published: 2015-01-29
reporter: 1n3
source: https://www.exploit-db.com/download/35951/
title: Exim ESMTP 4.80 glibc gethostbyname - Denial of Service

description: Exim GHOST (glibc gethostbyname) Buffer Overflow. CVE-2015-0235. Remote exploit for linux platform
id: EDB-ID:36421
last seen: 2016-02-04
modified: 2015-03-18
published: 2015-03-18
reporter: Qualys Corporation
source: https://www.exploit-db.com/download/36421/
title: Exim GHOST glibc gethostbyname Buffer Overflow
Metasploit
description: This module can be used to determine hosts vulnerable to the GHOST vulnerability via a call to the WordPress XMLRPC interface. If the target is vulnerable, the system will segfault and return a server error. On patched systems, a normal XMLRPC error is returned.
id: MSF:AUXILIARY/SCANNER/HTTP/WORDPRESS_GHOST_SCANNER
last seen: 2020-06-04
modified: 2017-07-24
published: 2015-01-30
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/wordpress_ghost_scanner.rb
title: WordPress XMLRPC GHOST Vulnerability Scanner

description: This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server.
id: MSF:EXPLOIT/LINUX/SMTP/EXIM_GETHOSTBYNAME_BOF
last seen: 2020-05-20
modified: 2019-12-11
published: 2015-03-18
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/smtp/exim_gethostbyname_bof.rb
title: Exim GHOST (glibc gethostbyname) Buffer Overflow
Nessus
NASL family: CGI abuses
NASL id: PHP_5_4_38.NASL
description: According to its banner, the version of PHP 5.4.x installed on the remote host is prior to 5.4.38. It is, therefore, affected by multiple vulnerabilities :
- A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705)
- A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)
- A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81510
published: 2015-02-25
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81510
title: PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(81510);
  script_version("1.18");
  script_cvs_date("Date: 2019/11/25");

  script_cve_id("CVE-2014-9705", "CVE-2015-0235", "CVE-2015-0273");
  script_bugtraq_id(72325, 72701, 73031);
  script_xref(name:"CERT", value:"967332");

  script_name(english:"PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)");
  script_summary(english:"Checks the version of PHP.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server uses a version of PHP that is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of PHP 5.4.x installed on the
remote host is prior to 5.4.38. It is, therefore, affected by multiple
vulnerabilities :

  - A heap-based buffer overflow flaw in the
    enchant_broker_request_dict function in
    ext/enchant/enchant.c could allow a remote attacker to
    cause a buffer overflow, resulting in a denial of
    service condition or the execution of arbitrary code.
    (CVE-2014-9705)

  - A heap-based buffer overflow flaw in the GNU C Library
    (glibc) due to improperly validating user-supplied input
    in the glibc functions __nss_hostname_digits_dots(),
    gethostbyname(), and gethostbyname2(). This allows a
    remote attacker to cause a buffer overflow, resulting in
    a denial of service condition or the execution of
    arbitrary code. (CVE-2015-0235)

  - A use-after-free flaw exists in the function
    php_date_timezone_initialize_from_hash() within the
    'ext/date/php_date.c' script. An attacker can exploit
    this to access sensitive information or crash
    applications linked to PHP. (CVE-2015-0273)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://php.net/ChangeLog-5.php#5.4.38");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68925");
  script_set_attribute(attribute:"see_also", value:"https://bugs.php.net/bug.php?id=68942");
  # https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7a6ddbd");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PHP version 5.4.38 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0235");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/25");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:php:php");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("php_version.nasl");
  script_require_keys("www/PHP");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php:TRUE);

php = get_php_from_kb(
  port : port,
  exit_on_fail : TRUE
);

version = php["ver"];
source = php["src"];

backported = get_kb_item('www/php/'+port+'/'+version+'/backported');

if (report_paranoia < 2 && backported)
  audit(AUDIT_BACKPORT_SERVICE, port, "PHP "+version+" install");

# Check that it is the correct version of PHP
if (version =~ "^5(\.4)?$") audit(AUDIT_VER_NOT_GRANULAR, "PHP", port, version);
if (version !~ "^5\.4\.") audit(AUDIT_NOT_DETECT, "PHP version 5.4.x", port);

if (version =~ "^5\.4\.([0-9]|[12][0-9]|3[0-7])($|[^0-9])")
{
  if (report_verbosity > 0)
  {
    report =
      '\n Version source : '+source +
      '\n Installed version : '+version +
      '\n Fixed version : 5.4.38' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "PHP", port, version);

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-0126.NASL
description: An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81200
published: 2015-02-06
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81200
title: RHEL 6 : rhev-hypervisor6 (RHSA-2015:0126) (GHOST)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-2315.NASL
description: 19 Feb 2015, PHP 5.6.6 Core :
- Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
- Fixed bug #67068 (getClosure returns somethings that
last seen: 2020-06-05
modified: 2015-02-24
plugin id: 81459
published: 2015-02-24
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81459
title: Fedora 21 : php-5.6.6-1.fc21 (2015-2315)

NASL family: CISCO
NASL id: CISCO-SA-20150128-GHOST-IOSXE_MULTI.NASL
description: The remote Cisco device is running a version of Cisco IOS XE software that is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that only the following devices are listed as affected :
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco ASR 920 Series Aggregation Services Routers
- Cisco ASR 900 Series Aggregation Services Routers
- Cisco 4400 Series Integrated Services Routers
- Cisco 4300 Series Integrated Services Routers
- Cisco Cloud Services Router 1000V Series
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81594
published: 2015-03-02
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81594
title: Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2015-0024.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
- Switch to use malloc when the input line is too long [Orabug 19951108]
- Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin)
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532).
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
- Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805).
- Fix return code when starting an already started nscd daemon (#979413).
- Fix getnameinfo for many PTR record queries (#1020486).
- Return EINVAL error for negative sizes to getgroups (#995207).
- Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805).
- Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420).
- Revert incomplete fix for bug #758193.
- Fix _nl_find_msg malloc failure case, and callers (#957089).
- Test on init_fct, not result->__init_fct, after demangling (#816647).
- Don
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81119
published: 2015-02-02
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81119
title: OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-0090.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81025
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81025
title: CentOS 5 : glibc (CESA-2015:0090) (GHOST)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2015-007.NASL
description: The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-004 or 2015-007. It is, therefore, affected by multiple vulnerabilities in the following components :
- Accelerate Framework
- apache_mod_php
- ATS
- Audio
- CFNetwork
- CoreGraphics
- CoreText
- EFI
- FontParser
- Grand Central Dispatch
- ImageIO
- IOAcceleratorFamily
- Kernel
- libarchive
- MCX Application Restrictions
- OpenGL
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86829
published: 2015-11-10
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/86829
title: Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201503-04.NASL
description: The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81689
published: 2015-03-09
reporter: This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81689
title: GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-0092.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81034
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81034
title: RHEL 6 / 7 : glibc (RHSA-2015:0092) (GHOST)

NASL family: Palo Alto Local Security Checks
NASL id: PALO_ALTO_PAN-SA-2015-0002.NASL
description: The remote host is running a version of Palo Alto Networks PAN-OS equal to or prior to 5.0.15 / 6.0.8 / 6.1.2. It is, therefore, affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81167
published: 2015-02-04
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81167
title: Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-0101.NASL
description: From Red Hat Security Advisory 2015:0101 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81099
published: 2015-01-30
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81099
title: Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3142.NASL
description: Several vulnerabilities have been fixed in eglibc, Debian
last seen: 2020-03-17
modified: 2015-01-28
plugin id: 81029
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81029
title: Debian DSA-3142-1 : eglibc - security update

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_10_11.NASL
description: The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11.
It is, therefore, affected by multiple vulnerabilities in the following components :
- Address Book
- AirScan
- apache_mod_php
- Apple Online Store Kit
- AppleEvents
- Audio
- bash
- Certificate Trust Policy
- CFNetwork Cookies
- CFNetwork FTPProtocol
- CFNetwork HTTPProtocol
- CFNetwork Proxies
- CFNetwork SSL
- CoreCrypto
- CoreText
- Dev Tools
- Disk Images
- dyld
- EFI
- Finder
- Game Center
- Heimdal
- ICU
- Install Framework Legacy
- Intel Graphics Driver
- IOAudioFamily
- IOGraphics
- IOHIDFamily
- IOStorageFamily
- Kernel
- libc
- libpthread
- libxpc
- Login Window
- lukemftpd
- Mail
- Multipeer Connectivity
- NetworkExtension
- Notes
- OpenSSH
- OpenSSL
- procmail
- remote_cmds
- removefile
- Ruby
- Safari
- Safari Downloads
- Safari Extensions
- Safari Safe Browsing
- Security
- SMB
- SQLite
- Telephony
- Terminal
- tidy
- Time Machine
- WebKit
- WebKit CSS
- WebKit JavaScript Bindings
- WebKit Page Loading
- WebKit Plug-ins
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86270
published: 2015-10-05
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86270
title: Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-473.NASL
description: A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81024
published: 2015-01-27
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81024
title: Amazon Linux AMI : glibc (ALAS-2015-473)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_10_10_4.NASL
description: The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.4.
It is, therefore, affected by multiple vulnerabilities in the following components :
- Admin Framework
- afpserver
- apache
- AppleFSCompression
- AppleGraphicsControl
- AppleThunderboltEDMService
- ATS
- Bluetooth
- Certificate Trust Policy
- CFNetwork HTTPAuthentication
- CoreText
- coreTLS
- DiskImages
- Display Drivers
- EFI
- FontParser
- Graphics Driver
- ImageIO
- Install Framework Legacy
- Intel Graphics Driver
- IOAcceleratorFamily
- IOFireWireFamily
- Kernel
- kext tools
- Mail
- ntfs
- ntp
- OpenSSL
- QuickTime
- Security
- Spotlight
- SQLite
- System Stats
- TrueTypeScaler
- zip
Note that successful exploitation of the most serious issues can result in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 84488
published: 2015-07-01
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/84488
title: Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-0092.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81026
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81026
title: CentOS 6 / 7 : glibc (CESA-2015:0092) (GHOST)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-84.NASL
description: This update for glibc fixes the following security issue : CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that could lead to a local or remote buffer overflow. (bsc#913646)
last seen: 2020-06-05
modified: 2015-02-03
plugin id: 81136
published: 2015-02-03
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81136
title: openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20150127_GLIBC_ON_SL5_X.NASL
description: A heap-based buffer overflow was found in glibc
last seen: 2020-03-18
modified: 2015-01-28
plugin id: 81037
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81037
title: Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150127) (GHOST)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_0765DE84A6C111E4A0C1C485083CA99C.NASL
description: Robert Kratky reports : GHOST is a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81062
published: 2015-01-29
reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81062
title: FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)

NASL family: CGI abuses
NASL id: PHP_5_6_6.NASL
description: According to its banner, the version of PHP 5.6.x installed on the remote host is prior to 5.6.6.
It is, therefore, affected by multiple vulnerabilities :
- A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705)
- A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-0235)
- A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81512
published: 2015-02-25
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81512
title: PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2015-0022.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81103
published: 2015-01-30
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81103
title: OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2485-1.NASL
description: It was discovered that a buffer overflow existed in the gethostbyname and gethostbyname2 functions in the GNU C Library. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81042
published: 2015-01-28
reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81042
title: Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)

NASL family: CISCO
NASL id: CISCO_TELEPRESENCE_VCS_CSCUS69558.NASL
description: According to its self-reported version number, the Cisco TelePresence Video Communication Server is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81408
published: 2015-02-18
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81408
title: Cisco TelePresence Video Communication Server GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-0090.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81033
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81033
title: RHEL 5 : glibc (RHSA-2015:0090) (GHOST)

NASL family: Misc.
NASL id: XEROX_XRX15R.NASL
description: According to its model number and software version, the remote Xerox WorkCentre 77XX device is affected by multiple vulnerabilities :
- A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204)
- A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability is known as GHOST. (CVE-2015-0235)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 87327
published: 2015-12-11
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/87327
title: Xerox WorkCentre 77XX Multiple Vulnerabilities (XRX15R) (FREAK) (GHOST)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-139.NASL
description: A vulnerability has been fixed in eglibc, Debian
last seen: 2020-03-17
modified: 2015-03-26
plugin id: 82122
published: 2015-03-26
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82122
title: Debian DLA-139-1 : eglibc security update (GHOST)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2015-494.NASL
description: A heap-based buffer overflow was found in glibc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82043
published: 2015-03-25
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/82043
title: Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)

NASL family: CGI abuses
NASL id: PHP_5_5_22.NASL
description: According to its banner, the version of PHP 5.5.x installed on the remote host is prior to 5.5.22. It is, therefore, affected by multiple vulnerabilities :
- A heap-based buffer overflow flaw in the enchant_broker_request_dict function in ext/enchant/enchant.c could allow a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2014-9705)
- A heap-based buffer overflow flaw in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-0235) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the last seen 2020-06-01 modified 2020-06-02 plugin id 81511 published 2015-02-25 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81511 title PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0013.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Update fix for CVE-2015-7547 (#1296028). - Create helper threads with enough stack for POSIX AIO and timers (#1301625). - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow (#1296028). - Support loading more libraries with static TLS (#1291270). - Check for NULL arena pointer in _int_pvalloc (#1256890). - Don last seen 2020-06-01 modified 2020-06-02 plugin id 88783 published 2016-02-17 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88783 title OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST) NASL family Firewalls NASL id CHECK_POINT_GAIA_SK104443.NASL description The remote host is running a version of Gaia OS which is affected by a heap buffer overflow vulnerability in glibc which could potentially allow an attacker to execute arbitrary code in the context of the user running the affected application. last seen 2020-06-01 modified 2020-06-02 plugin id 104998 published 2017-12-04 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/104998 title Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST) NASL family CISCO NASL id CISCO_CUCM_CSCUS66650-GHOST.NASL description According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a heap-based buffer overflow in the GNU C Library (glibc) due to improperly validating user-supplied input in the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 81546 published 2015-02-26 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81546 title Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST) NASL family CISCO NASL id CISCO-SA-20150128-ACE.NASL description The Cisco Application Control Engine (ACE) software installed on the remote Cisco IOS device is version A2(3.6d) or A5(3.1b). It is, therefore, affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 81423 published 2015-02-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81423 title Cisco Application Control Engine GNU glibc gethostbyname Function Buffer Overflow Vulnerability (cisco-sa-20150128-ghost) (GHOST) NASL family CISCO NASL id CISCO_CUPS_CSCUS69785.NASL description According to its self-reported version, the Cisco Unified Communications Manager IM and Presence Server Service is affected by a heap-based buffer overflow condition in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 85449 published 2015-08-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85449 title Cisco Unified Communications Manager IM and Presence GNU C Library (glibc) Buffer Overflow (CSCus69785) (GHOST) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2015-028-01.NASL description New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 81075 published 2015-01-29 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81075 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST) NASL family SuSE Local Security Checks NASL id SUSE_GLIBC-9035.NASL description This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow. (bsc#913646). 
(CVE-2015-0235) last seen 2020-06-01 modified 2020-06-02 plugin id 81125 published 2015-02-02 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81125 title SuSE 10 Security Update : glibc (ZYPP Patch Number 9035) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-493.NASL description A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 81829 published 2015-03-17 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81829 title Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0092.NASL description From Red Hat Security Advisory 2015:0092 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 81031 published 2015-01-28 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81031 title Oracle Linux 6 / 7 : glibc (ELSA-2015-0092) (GHOST) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1386.NASL description According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.(CVE-2018-11237) - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the last seen 2020-06-01 modified 2020-06-02 plugin id 124889 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124889 title EulerOS Virtualization for ARM 64 3.0.1.0 : glibc (EulerOS-SA-2019-1386) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-150122.NASL description This update for glibc fixes the following security issue : - A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that can lead to a local or remote buffer overflow. (bsc#913646). 
(CVE-2015-0235) last seen 2020-06-01 modified 2020-06-02 plugin id 81039 published 2015-01-27 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81039 title SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0101.NASL description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 81104 published 2015-01-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81104 title RHEL 4 : glibc (RHSA-2015:0101) (GHOST) NASL family CISCO NASL id CISCO-SA-20150128-GHOST-IOSXR_NCS6K.NASL description The remote Cisco device is running a version of Cisco IOS XR software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that this issue only affects Cisco Network Convergence System 6000 Series routers. 
last seen 2020-06-01 modified 2020-06-02 plugin id 81596 published 2015-03-02 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81596 title Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST) NASL family CISCO NASL id CISCO_TELEPRESENCE_CONDUCTOR_CSCUS69523.NASL description According to its self-reported version number, the Cisco TelePresence Conductor remote device is affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validating user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 81407 published 2015-02-18 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81407 title Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST) NASL family Fedora Local Security Checks NASL id FEDORA_2015-2328.NASL description 19 Feb 2015, PHP 5.5.22 Core : - Fixed bug #67068 (getClosure returns somethings that last seen 2020-06-05 modified 2015-03-05 plugin id 81612 published 2015-03-05 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81612 title Fedora 20 : php-5.5.22-1.fc20 (2015-2328) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-039.NASL description A vulnerability has been discovered and corrected in glibc : Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka GHOST. (CVE-2015-0235) The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 81280 published 2015-02-11 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81280 title Mandriva Linux Security Advisory : glibc (MDVSA-2015:039) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0099.NASL description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 and 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 81068 published 2015-01-29 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/81068 title RHEL 5 / 6 : glibc (RHSA-2015:0099) (GHOST) NASL family Scientific Linux Local Security Checks NASL id SL_20150127_GLIBC_ON_SL6_X.NASL description A heap-based buffer overflow was found in glibc last seen 2020-03-18 modified 2015-01-28 plugin id 81038 published 2015-01-28 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81038 title Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64 (20150127) (GHOST) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2015-005.NASL description The remote host is running a version of Mac OS X 10.8.5 or 10.9.5 that is missing Security Update 2015-005. It is, therefore, affected by multiple vulnerabilities in the following components : - Admin Framework - afpserver - apache - AppleFSCompression - AppleGraphicsControl - AppleThunderboltEDMService - ATS - Bluetooth - Certificate Trust Policy - CFNetwork HTTPAuthentication - CoreText - coreTLS - DiskImages - Display Drivers - EFI - FontParser - Graphics Driver - ImageIO - Install Framework Legacy - Intel Graphics Driver - IOAcceleratorFamily - IOFireWireFamily - Kernel - kext tools - Mail - ntfs - ntp - OpenSSL - QuickTime - Security - Spotlight - SQLite - System Stats - TrueTypeScaler - zip Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 84489 published 2015-07-01 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/84489 title Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam) NASL family MacOS X Local Security Checks NASL id MACOSX_10_11_1.NASL description The remote host is running a version of Mac OS X that is 10.9.5 or later but prior to 10.11.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Accelerate Framework (CVE-2015-5940) - apache_mod_php (CVE-2015-0235, CVE-2015-0273, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838) - ATS (CVE-2015-6985) - Audio (CVE-2015-5933, CVE-2015-5934, CVE-2015-7003) - Bom (CVE-2015-7006) - CFNetwork (CVE-2015-7023) - configd (CVE-2015-7015) - CoreGraphics (CVE-2015-5925, CVE-2015-5926) - CoreText (CVE-2015-5944, CVE-2015-6975, CVE-2015-6992, CVE-2015-7017) - Directory Utility (CVE-2015-6980) - Disk Images (CVE-2015-6995) - EFI (CVE-2015-7035) - File Bookmark (CVE-2015-6987) - FontParser (CVE-2015-5927, CVE-2015-5942, CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, CVE-2015-7018) - Grand Central Dispatch (CVE-2015-6989) - Graphics Drivers (CVE-2015-7019, CVE-2015-7020, CVE-2015-7021) - ImageIO (CVE-2015-5935, CVE-2015-5936, CVE-2015-5937, CVE-2015-5938, CVE-2015-5939) - IOAcceleratorFamily (CVE-2015-6996) - IOHIDFamily (CVE-2015-6974) - Kernel (CVE-2015-5932, CVE-2015-6988, CVE-2015-6994) - libarchive (CVE-2015-6984) - MCX Application Restrictions (CVE-2015-7016) - Net-SNMP (CVE-2014-3565, CVE-2012-6151) - OpenGL (CVE-2015-5924) - OpenSSH (CVE-2015-6563) - Sandbox (CVE-2015-5945) - Script Editor (CVE-2015-7007) - Security (CVE-2015-6983, CVE-2015-7024) - SecurityAgent (CVE-2015-5943) Note that successful exploitation of the most serious issues can result in arbitrary code execution. 
last seen 2020-06-01 modified 2020-06-02 plugin id 86654 published 2015-10-29 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86654 title Mac OS X < 10.11.1 Multiple Vulnerabilities NASL family Misc. NASL id XEROX_XRX15AD_COLORQUBE.NASL description According to its model number and software version, the remote Xerox ColorQube device is affected by multiple OpenSSL vulnerabilities : - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. This vulnerability is known as GHOST. (CVE-2015-0235) last seen 2020-06-01 modified 2020-06-02 plugin id 87322 published 2015-12-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/87322 title Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE) NASL family CISCO NASL id CISCO-SA-20150128-GHOST-NXOS.NASL description The version of Cisco NX-OS software running on the remote device is affected by a remote code execution vulnerability known as GHOST. A heap-based buffer overflow condition exists in the GNU C Library (glibc) due to improper validation of user-supplied input to the glibc functions __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2(). An unauthenticated, remote attacker can exploit this to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 92412 published 2016-07-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92412 title Cisco NX-OS GNU C Library (glibc) Buffer Overflow (GHOST) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-0090.NASL description From Red Hat Security Advisory 2015:0090 : Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 81044 published 2015-01-28 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81044 title Oracle Linux 5 : glibc (ELSA-2015-0090) (GHOST) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16057.NASL description A heap-based buffer overflow was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 86009 published 2015-09-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86009 title F5 Networks BIG-IP : GHOST: glibc gethostbyname buffer overflow vulnerability (K16057) (GHOST) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0023.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizes to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). 
- Don last seen 2020-06-01 modified 2020-06-02 plugin id 81118 published 2015-02-02 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81118 title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1551.NASL description According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778) - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242) - A flaw was found in the way memory was being allocated on the stack for user space binaries. 
If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132) - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.(CVE-2012-4424) - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application.(CVE-2015-8777) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.(CVE-2013-2207) - A stack overflow flaw was found in glibc last seen 2020-03-17 modified 2019-05-14 plugin id 125004 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/125004 title EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F7A9E415BDCA11E4970C000C292EE6B8.NASL description The PHP Project reports : Use after free vulnerability in unserialize() with DateTimeZone. Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow. last seen 2020-06-01 modified 2020-06-02 plugin id 81559 published 2015-02-27 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81559 title FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST) NASL family CISCO NASL id CISCO-SA-20150128-GHOST-IOSXE_NOVA.NASL description The remote Cisco device is running a version of Cisco IOS XE software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. Note that this issue only affects those IOS XE instances that are running as a last seen 2020-06-01 modified 2020-06-02 plugin id 81595 published 2015-03-02 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81595 title Cisco IOS XE GNU GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)
Packetstorm
data source https://packetstormsecurity.com/files/download/130171/ghost-smtp-dos.py.txt id PACKETSTORM:130171 last seen 2016-12-05 published 2015-01-29 reporter Packet Storm source https://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html title Exim ESMTP GHOST Denial Of Service data source https://packetstormsecurity.com/files/download/153278/SA-20190612-0.txt id PACKETSTORM:153278 last seen 2019-06-17 published 2019-06-13 reporter T. Weber source https://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html title WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials data source https://packetstormsecurity.com/files/download/130115/Qualys-CVE-2015-0235.txt id PACKETSTORM:130115 last seen 2016-12-05 published 2015-01-27 reporter Alexander Peslyak source https://packetstormsecurity.com/files/130115/Qualys-Security-Advisory-glibc-gethostbyname-Buffer-Overflow.html title Qualys Security Advisory - glibc gethostbyname Buffer Overflow data source https://packetstormsecurity.com/files/download/130974/exim_gethostbyname_bof.rb.txt id PACKETSTORM:130974 last seen 2016-12-05 published 2015-03-24 reporter Qualys Security Advisory source https://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html title Exim GHOST (glibc gethostbyname) Buffer Overflow
Seebug
bulletinFamily | exploit |
description | <p>Security researchers abroad recently disclosed a serious security issue in the Linux glibc library that allows an attacker to gain control of the operating system locally or remotely. It is tracked as CVE-2015-0235 and has been named GHOST.</p><p>What is GHOST? Why is it named GHOST?</p><p>The vulnerability first originated in:</p><p>The first vulnerable version of the GNU C Library is glibc-2.2, released on November 10, 2000.</p><p>“During a code audit performed internally at Qualys, we discovered a buffer overflow in</p><p>the __nss_hostname_digits_dots() function of the GNU C Library (glibc).</p><p>This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it<br>and its impact thoroughly, and named this vulnerability "GHOST".”</p><p>Rough meaning of the quoted passage: “The vulnerability is in the GNU C Library (glibc), the affected functions are gethostbyname*(), and it is named GHOST.”</p><p><strong>What is glibc</strong></p><p>glibc is the libc library released by GNU, that is, the C runtime library. glibc is the lowest-level API on Linux systems, and almost every other runtime library depends on it. Besides wrapping the system services provided by the Linux operating system, glibc also implements many other necessary functions itself. glibc covers almost all of the common UNIX standards.</p><p><strong>Impact:</strong></p><p>Both local and remote vectors are affected; an attacker can gain control of the operating system locally or remotely.</p><p><strong>Affected versions:</strong></p><p>Versions from glibc-2.2 to glibc-2.17</p><p>glibc 2.18 (released August 12, 2013) already contains the fix (patch released May 21, 2013)</p><p><strong>Affected platforms:</strong></p><p><strong> <img src="http://blog.knownsec.com/wp-content/uploads/2015/01/1.28%E9%85%8D%E5%9B%BE1.jpg" alt="1.28 figure 1" width="580" height="612"></strong></p><p><strong>In response, the Knownsec security research team promptly investigated the issue and published fixes for some platforms:</strong></p><p><strong>Ubuntu 12.04 fix:</strong></p><p>Add the official security update sources to /etc/apt/sources.list:</p><p>deb <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security main restricted</p><p>deb-src <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security main restricted</p><p>deb <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security universe</p><p>deb-src <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security universe</p><p>deb <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security multiverse</p><p>deb-src <a href="http://security.ubuntu.com/ubuntu" rel="nofollow">http://security.ubuntu.com/ubuntu</a> precise-security multiverse</p><p>Then run:</p><p>$ sudo apt-get update</p><p>$ sudo apt-get upgrade</p><p><strong>CentOS 6/7:</strong></p><p>Use the official repositories, then run:</p><p># yum clean all && yum update</p><p> </p><p><strong>References:</strong></p><ul><li><a href="http://www.openwall.com/lists/oss-security/2015/01/27/9">http://www.openwall.com/lists/oss-security/2015/01/27/9</a></li><li><a href="http://d.hatena.ne.jp/Kango/20150128/1422409960">http://d.hatena.ne.jp/Kango/20150128/1422409960</a></li></ul> |
id | SSV:89237 |
last seen | 2017-11-19 |
modified | 2015-07-02 |
published | 2015-07-02 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-89237 |
title | Linux glibc Buffer Overflow (GHOST) |
The Hacker News
id THN:A649F4ABCE9B99052139693A13D95B14 last seen 2018-01-27 modified 2016-08-04 published 2015-01-27 reporter Swati Khandelwal source https://thehackernews.com/2015/01/ghost-linux-security-vulnerability27.html title Critical GHOST vulnerability affects most Linux Systems id THN:ACBFC80659E47A5B7C81B99570749679 last seen 2018-01-27 modified 2016-02-17 published 2016-02-16 reporter Swati Khandelwal source https://thehackernews.com/2016/02/glibc-linux-flaw.html title Critical glibc Flaw Puts Linux Machines and Apps at Risk (Patch Immediately) id THN:3DD8F9ADFFEB290F33825414D41B0F41 last seen 2018-01-27 modified 2015-01-30 published 2015-01-29 reporter Swati Khandelwal source https://thehackernews.com/2015/01/ghost-linux-security-vulnerability_29.html title GHOST glibc Vulnerability Affects WordPress and PHP applications
Vulner Lab
id | VULNERLAB:1430 |
last seen | 2019-05-29 |
modified | 2015-01-30 |
published | 2015-01-30 |
reporter | Rajivarnan R. [Security Researcher] - Akati Consulting Pvt Ltd |
source | http://www.vulnerability-lab.com/get_content.php?id=1430 |
title | Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure |
References
- http://seclists.org/oss-sec/2015/q1/274
- http://seclists.org/oss-sec/2015/q1/269
- https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
- http://secunia.com/advisories/62691
- http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/
- http://linux.oracle.com/errata/ELSA-2015-0090.html
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671
- http://www-01.ibm.com/support/docview.wss?uid=swg21695835
- https://kc.mcafee.com/corporate/index?page=content&id=SB10100
- http://secunia.com/advisories/62698
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- http://secunia.com/advisories/62692
- https://bto.bluecoat.com/security-advisory/sa90
- http://secunia.com/advisories/62690
- http://www-01.ibm.com/support/docview.wss?uid=swg21695860
- http://secunia.com/advisories/62715
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
- http://secunia.com/advisories/62688
- http://secunia.com/advisories/62681
- http://secunia.com/advisories/62667
- https://www.sophos.com/en-us/support/knowledgebase/121879.aspx
- http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
- http://secunia.com/advisories/62517
- http://secunia.com/advisories/62640
- http://secunia.com/advisories/62680
- http://seclists.org/fulldisclosure/2015/Jan/111
- http://www-01.ibm.com/support/docview.wss?uid=swg21696600
- http://secunia.com/advisories/62883
- http://secunia.com/advisories/62870
- http://secunia.com/advisories/62871
- http://www-01.ibm.com/support/docview.wss?uid=swg21696526
- http://secunia.com/advisories/62879
- http://www-01.ibm.com/support/docview.wss?uid=swg21696602
- http://secunia.com/advisories/62865
- http://www-01.ibm.com/support/docview.wss?uid=swg21696618
- http://www-01.ibm.com/support/docview.wss?uid=swg21696243
- http://www.debian.org/security/2015/dsa-3142
- http://rhn.redhat.com/errata/RHSA-2015-0126.html
- http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
- http://www.securityfocus.com/bid/72325
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:039
- http://marc.info/?l=bugtraq&m=142721102728110&w=2
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
- http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf
- http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
- http://marc.info/?l=bugtraq&m=142781412222323&w=2
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
- http://support.apple.com/kb/HT204942
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- https://support.apple.com/HT205267
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- https://support.apple.com/HT205375
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://marc.info/?l=bugtraq&m=142722450701342&w=2
- http://marc.info/?l=bugtraq&m=142296726407499&w=2
- http://marc.info/?l=bugtraq&m=143145428124857&w=2
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
- https://www.f-secure.com/en/web/labs_global/fsc-2015-1
- http://www-01.ibm.com/support/docview.wss?uid=swg21696131
- http://www-01.ibm.com/support/docview.wss?uid=swg21695774
- http://www-01.ibm.com/support/docview.wss?uid=swg21695695
- http://secunia.com/advisories/62816
- http://secunia.com/advisories/62813
- http://secunia.com/advisories/62812
- http://secunia.com/advisories/62758
- https://security.gentoo.org/glsa/201503-04
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.securitytracker.com/id/1032909
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://security.netapp.com/advisory/ntap-20150127-0001/
- http://www.securityfocus.com/archive/1/534845/100/0/threaded
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- http://seclists.org/fulldisclosure/2019/Jun/18
- https://seclists.org/bugtraq/2019/Jun/14
- http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf
- http://www.openwall.com/lists/oss-security/2021/05/04/7
- http://seclists.org/fulldisclosure/2021/Sep/0
- http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9
- http://seclists.org/fulldisclosure/2022/Jun/36
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html