Mitigation Instructions for CVE-2015-0235

Subject: CVE-2015-0235 GHOST Vulnerability

Tech Stack:

• glibc (GNU C Library)

Date Issued:

• Original Date: 2015-01-27
• Last Modified Date: 2015-02-02

Criticality:

• Severity: High
• Description: Remote code execution vulnerability in the gethostbyname functions of the glibc library.

Overview:

• CVE-2015-0235, known as the GHOST vulnerability, allows remote attackers to execute arbitrary code using crafted DNS responses. It affects systems using glibc versions prior to 2.18.

Attack Mechanisms:

1. Attacker sends a crafted DNS response to a vulnerable application.
2. The application calls gethostbyname functions, leading to a buffer overflow.
3. The overflow allows execution of arbitrary code.

Affected Systems:

• Linux distributions using glibc versions < 2.18.

Mitigation Solution:

1. Upgrade: Update to glibc version 2.18 or later.
2. Patch: Apply vendor-provided patches for your Linux distribution.
3. Reboot: Restart affected services and systems to apply changes.

References:

• Red Hat Advisory
• Debian Security Tracker