Details of VAR-201501-0737

ID

VAR-201501-0737

CVE

CVE-2015-0235

TITLE

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Trust: 0.8

sources: CERT/CC: VU#967332

DESCRIPTION

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.". This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". glibc The library contains a buffer overflow vulnerability. glibc Library vulnerable to buffer overflow (CWE-788) there is. The crafted host name gethostbyname Passing to the argument of a function such as will cause a buffer overflow. CWE-788: Access of Memory Location After End of Buffer http://cwe.mitre.org/data/definitions/788.html In addition, National Vulnerability Database (NVD) Then CWE-119 Published as. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer http://cwe.mitre.org/data/definitions/119.htmlArbitrary code execution or denial of service by a remote third party (DoS) Or an attack may be made. Please update or upgrade to one of the following versions or subsequent. Release Date: 2015-05-11 Last Updated: 2015-05-11 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Matrix Operating Environment (MOE). This is the GlibC vulnerability known as "GHOST" which could be exploited remotely resulting in execution of code. References: CVE-2015-0235 SSRT102055 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. All versions of HP Matrix Operating Environment (MOE) BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Matrix Operating Environment (MOE) uses glibc library delivered as part of the Linux Operating System, which may be vulnerable. Please refer to your Operating System vendor for how to patch your Linux OSs to remove this vulnerability.. HISTORY Version:1 (rev.1) - 11 May 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2015:0092-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0092.html Issue date: 2015-01-27 CVE Names: CVE-2015-0235 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm ppc64: glibc-2.12-1.149.el6_6.5.ppc.rpm glibc-2.12-1.149.el6_6.5.ppc64.rpm glibc-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-devel-2.12-1.149.el6_6.5.ppc.rpm glibc-devel-2.12-1.149.el6_6.5.ppc64.rpm glibc-headers-2.12-1.149.el6_6.5.ppc64.rpm glibc-utils-2.12-1.149.el6_6.5.ppc64.rpm nscd-2.12-1.149.el6_6.5.ppc64.rpm s390x: glibc-2.12-1.149.el6_6.5.s390.rpm glibc-2.12-1.149.el6_6.5.s390x.rpm glibc-common-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-devel-2.12-1.149.el6_6.5.s390.rpm glibc-devel-2.12-1.149.el6_6.5.s390x.rpm glibc-headers-2.12-1.149.el6_6.5.s390x.rpm glibc-utils-2.12-1.149.el6_6.5.s390x.rpm nscd-2.12-1.149.el6_6.5.s390x.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm ppc64: glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-static-2.12-1.149.el6_6.5.ppc.rpm glibc-static-2.12-1.149.el6_6.5.ppc64.rpm s390x: glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-static-2.12-1.149.el6_6.5.s390.rpm glibc-static-2.12-1.149.el6_6.5.s390x.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm ppc64: glibc-2.17-55.el7_0.5.ppc.rpm glibc-2.17-55.el7_0.5.ppc64.rpm glibc-common-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-devel-2.17-55.el7_0.5.ppc.rpm glibc-devel-2.17-55.el7_0.5.ppc64.rpm glibc-headers-2.17-55.el7_0.5.ppc64.rpm glibc-utils-2.17-55.el7_0.5.ppc64.rpm nscd-2.17-55.el7_0.5.ppc64.rpm s390x: glibc-2.17-55.el7_0.5.s390.rpm glibc-2.17-55.el7_0.5.s390x.rpm glibc-common-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-devel-2.17-55.el7_0.5.s390.rpm glibc-devel-2.17-55.el7_0.5.s390x.rpm glibc-headers-2.17-55.el7_0.5.s390x.rpm glibc-utils-2.17-55.el7_0.5.s390x.rpm nscd-2.17-55.el7_0.5.s390x.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-static-2.17-55.el7_0.5.ppc.rpm glibc-static-2.17-55.el7_0.5.ppc64.rpm s390x: glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-static-2.17-55.el7_0.5.s390.rpm glibc-static-2.17-55.el7_0.5.s390x.rpm x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUx9bmXlSAg2UNWIIRAjP4AJ9/EPFLyhSuapG8Lie71zPk6VaF8wCfVAw2 VIBda0hF+i0zAuST73ezXzI= =w5UI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 3.42

sources: NVD: CVE-2015-0235 // CERT/CC: VU#967332 // JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251 // VULHUB: VHN-78181 // PACKETSTORM: 134196 // PACKETSTORM: 131867 // PACKETSTORM: 130114

AFFECTED PRODUCTS

vendor:	oracle	model:	communications policy management	scope:	eq	version:	10.4.1	Trust: 1.8
vendor:	oracle	model:	communications policy management	scope:	eq	version:	9.7.3	Trust: 1.8
vendor:	oracle	model:	communications policy management	scope:	eq	version:	9.9.1	Trust: 1.8
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.5.0	Trust: 1.0
vendor:	oracle	model:	communications user data repository	scope:	gte	version:	10.0.0	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.1	Trust: 1.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	1.0	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	5	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.6.6	Trust: 1.0
vendor:	oracle	model:	communications policy management	scope:	eq	version:	11.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.0	Trust: 1.0
vendor:	oracle	model:	communications lsms	scope:	eq	version:	13.1	Trust: 1.0
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	1.1.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.6.0	Trust: 1.0
vendor:	oracle	model:	vm virtualbox	scope:	lt	version:	5.1.24	Trust: 1.0
vendor:	oracle	model:	communications application session controller	scope:	lt	version:	3.7.1	Trust: 1.0
vendor:	oracle	model:	communications webrtc session controller	scope:	eq	version:	7.2	Trust: 1.0
vendor:	oracle	model:	communications policy management	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	6.0	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.0
vendor:	php	model:	php	scope:	gte	version:	5.4.0	Trust: 1.0
vendor:	oracle	model:	communications eagle application processor	scope:	eq	version:	16.0	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	lt	version:	2.18	Trust: 1.0
vendor:	gnu	model:	glibc	scope:	gte	version:	2.0	Trust: 1.0
vendor:	oracle	model:	exalogic infrastructure	scope:	eq	version:	2.0	Trust: 1.0
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	2.0.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.4.38	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.11.1	Trust: 1.0
vendor:	oracle	model:	communications eagle lnp application processor	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	lt	version:	7.2.0	Trust: 1.0
vendor:	ibm	model:	security access manager for enterprise single sign-on	scope:	eq	version:	8.2	Trust: 1.0
vendor:	oracle	model:	communications user data repository	scope:	lte	version:	10.0.1	Trust: 1.0
vendor:	ibm	model:	pureapplication system	scope:	eq	version:	1.0.0.0	Trust: 1.0
vendor:	php	model:	php	scope:	lt	version:	5.5.22	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	arch linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	blue coat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	citrix	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gentoo linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	juniper	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openwall gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	suse linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	slackware linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ubuntu	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	opensuse	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	gnu	model:	embedded glibc	scope:	lt	version:	2.14	Trust: 0.8
vendor:	suse	model:	linux enterprise server	scope:	-	version:	-	Trust: 0.8
vendor:	gnu	model:	c library	scope:	lte	version:	(glibc) 2.2 from 2.17	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10 to 10.10.3 (ht204942)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.10.5 (ht205375)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 (ht205375)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	lt	version:	10.6.8 thats all 10.11 (ht205267)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5 (ht204942/ht205375)	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	lt	version:	(sun system firmware) 8.7.2.b	Trust: 0.8
vendor:	oracle	model:	integrated lights out manager	scope:	lt	version:	(sun system firmware) 9.4.2e	Trust: 0.8
vendor:	oracle	model:	communications applications	scope:	eq	version:	of oracle communications eagle application processor 16.0	Trust: 0.8
vendor:	oracle	model:	communications applications	scope:	eq	version:	of oracle communications eagle lnp application processor 10.0	Trust: 0.8
vendor:	oracle	model:	communications applications	scope:	eq	version:	of oracle communications lsms 13.1	Trust: 0.8
vendor:	oracle	model:	communications applications	scope:	lt	version:	of oracle communications session border controller 7.2.0m4	Trust: 0.8
vendor:	oracle	model:	communications policy management	scope:	lte	version:	12.1.1	Trust: 0.8
vendor:	oracle	model:	ethernet switch	scope:	lt	version:	es2-64 1.9.1.2	Trust: 0.8
vendor:	oracle	model:	ethernet switch	scope:	lt	version:	es2-72 1.9.1.2	Trust: 0.8
vendor:	oracle	model:	fs1-2 flash storage system	scope:	eq	version:	6.1	Trust: 0.8
vendor:	oracle	model:	fs1-2 flash storage system	scope:	eq	version:	6.2	Trust: 0.8
vendor:	oracle	model:	fs1-2 flash storage system	scope:	eq	version:	6.3	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle exalogic infrastructure 1.x	Trust: 0.8
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	of oracle exalogic infrastructure 2.x	Trust: 0.8
vendor:	oracle	model:	sun systems products suite	scope:	eq	version:	of cisco mds fiber channel switch 5.2	Trust: 0.8
vendor:	oracle	model:	sun systems products suite	scope:	eq	version:	of cisco mds fiber channel switch 6.2	Trust: 0.8
vendor:	oracle	model:	sun systems products suite	scope:	lt	version:	of sun data center infiniband switch 36 2.2.2	Trust: 0.8
vendor:	oracle	model:	sun systems products suite	scope:	lt	version:	of sun network qdr infiniband gateway switch 2.2.2	Trust: 0.8
vendor:	oracle	model:	switch	scope:	lt	version:	es1-24 1.3.1	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m3000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m4000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m5000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m8000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sparc enterprise m9000 server	scope:	-	version:	-	Trust: 0.8
vendor:	oracle	model:	sun blade 6000 ethernet switched nem 24p 10ge	scope:	lt	version:	1.2.2	Trust: 0.8
vendor:	oracle	model:	sun network 10ge switch 72p	scope:	lt	version:	1.2.2	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	lt	version:	1120 (sparc enterprise m3000/m4000/m5000/m8000/m9000 server )	Trust: 0.8
vendor:	oracle	model:	xcp	scope:	lt	version:	2260 (fujitsu m10-1/m10-4/m10-4s server )	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86 (32bit)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86_64 (64bit)	Trust: 0.8
vendor:	hewlett packard	model:	hp operations analytics	scope:	eq	version:	2.0	Trust: 0.8
vendor:	hewlett packard	model:	hp operations analytics	scope:	eq	version:	2.1	Trust: 0.8
vendor:	hewlett packard	model:	hp operations analytics	scope:	eq	version:	2.2	Trust: 0.8
vendor:	nec	model:	enterpriseidentitymanager	scope:	eq	version:	linux of the edition	Trust: 0.8
vendor:	nec	model:	securebranch	scope:	eq	version:	3.2.x	Trust: 0.8
vendor:	nec	model:	securebranch	scope:	eq	version:	relay server 3.2.x	Trust: 0.8
vendor:	hitachi	model:	ups management software	scope:	eq	version:	powerchute network shutdown virtualization v3.2	Trust: 0.8

sources: CERT/CC: VU#967332 // JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251 // NVD: CVE-2015-0235

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2015-0235
value:	HIGH
Trust: 2.4
nvd@nist.gov:	CVE-2015-0235
value:	HIGH
Trust: 1.0
VULHUB:	VHN-78181
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0235
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2015-0235
severity:	HIGH
baseScore:	10.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
NVD:	CVE-2015-0235
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-78181
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:	CVE-2015-0235
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#967332 // VULHUB: VHN-78181 // JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251 // NVD: CVE-2015-0235

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9
problemtype:	CWE-120	Trust: 0.8
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78181 // JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251 // NVD: CVE-2015-0235

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 130114

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 134196

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007061

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#967332 // VULHUB: VHN-78181

PATCH

title:	Top Page	url:	http://www.eglibc.org/home	Trust: 0.8
title:	Top Page	url:	https://getfedora.org/en/	Trust: 0.8
title:	SUSE-SU-2014:1129-1	url:	https://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html	Trust: 0.8
title:	CVE-2013-4357	url:	https://security-tracker.debian.org/tracker/CVE-2013-4357	Trust: 0.8
title:	USN-2306-1	url:	https://usn.ubuntu.com/2306-1/	Trust: 0.8
title:	USN-2306-2	url:	https://usn.ubuntu.com/2306-2/	Trust: 0.8
title:	USN-2306-3	url:	https://usn.ubuntu.com/2306-3/	Trust: 0.8
title:	APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007	url:	http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html	Trust: 0.8
title:	APPLE-SA-2015-09-30-3 OS X El Capitan 10.11	url:	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Trust: 0.8
title:	APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005	url:	http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html	Trust: 0.8
title:	HT205375	url:	https://support.apple.com/en-us/HT205375	Trust: 0.8
title:	HT205267	url:	https://support.apple.com/en-us/HT205267	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/en-us/HT204942	Trust: 0.8
title:	HT204942	url:	http://support.apple.com/ja-jp/HT204942	Trust: 0.8
title:	HT205375	url:	https://support.apple.com/ja-jp/HT205375	Trust: 0.8
title:	HT205267	url:	http://support.apple.com/ja-jp/HT205267	Trust: 0.8
title:	cisco-sa-20150128-ghost	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost	Trust: 0.8
title:	DSA-3142	url:	https://www.debian.org/security/2015/dsa-3142	Trust: 0.8
title:	HPSBGN03270 SSRT101937	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04577814	Trust: 0.8
title:	HPSBHF03289 SSRT101953	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04602055	Trust: 0.8
title:	1696526	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696526	Trust: 0.8
title:	1696600	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696600	Trust: 0.8
title:	1696602	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696602	Trust: 0.8
title:	1696618	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696618	Trust: 0.8
title:	1695860	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695860	Trust: 0.8
title:	1695835	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695835	Trust: 0.8
title:	1696243	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696243	Trust: 0.8
title:	アライドテレシス株式会社からの情報	url:	http://jvn.jp/vu/JVNVU99234709/522154/index.html	Trust: 0.8
title:	SB10100	url:	https://kc.mcafee.com/corporate/index?page=content&id=SB10100	Trust: 0.8
title:	NV15-007	url:	http://jpn.nec.com/security-info/secinfo/nv15-007.html	Trust: 0.8
title:	ELSA-2015-0090	url:	http://linux.oracle.com/errata/ELSA-2015-0090.html	Trust: 0.8
title:	ELSA-2015-0092	url:	http://linux.oracle.com/errata/ELSA-2015-0092.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2015	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - April 2015	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2015	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - July 2015 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - January 2016	url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 0.8
title:	Oracle Solaris Third Party Bulletin - April 2015	url:	http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Trust: 0.8
title:	RHSA-2015:0126	url:	https://rhn.redhat.com/errata/RHSA-2015-0126.html	Trust: 0.8
title:	RHSA-2015:0092	url:	https://rhn.redhat.com/errata/RHSA-2015-0092.html	Trust: 0.8
title:	SA90	url:	https://bto.bluecoat.com/security-advisory/sa90	Trust: 0.8
title:	January 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/january_2016_critical_patch_update	Trust: 0.8
title:	October 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2015_critical_patch_update	Trust: 0.8
title:	July 2016 Critical Patch Update Released	url:	http://blogs.oracle.com/security/entry/july_2016_critical_patch_update	Trust: 0.8
title:	April 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/april_2015_critical_patch_update	Trust: 0.8
title:	July 2015 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/july_2015_critical_patch_update	Trust: 0.8
title:	October 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update	Trust: 0.8
title:	JSA10671	url:	https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671	Trust: 0.8
title:	Vulnerabilities resolved in TRITON APX Version 8.0	url:	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Trust: 0.8
title:	121879	url:	https://www.sophos.com/en-us/support/knowledgebase/121879.aspx	Trust: 0.8
title:	Sophos products and the GHOST vulnerability affecting Linux	url:	http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/	Trust: 0.8
title:	Bug 15014	url:	https://sourceware.org/bugzilla/show_bug.cgi?id=15014	Trust: 0.8
title:	USN-2485-1	url:	http://www.ubuntu.com/usn/usn-2485-1/	Trust: 0.8
title:	サーバ・クライアント製品 glibc(GNU C Library)の脆弱性((CVE-2015-0235) 通称GHOST)による影響について	url:	http://www.hitachi.co.jp/products/it/server/security/info/vulnerable/glibc_cve-2015-0235.html	Trust: 0.8
title:	glibc (GHOST) の脆弱性 (CVE-2015-0235)	url:	https://users.miraclelinux.com/support/?q=node/433	Trust: 0.8
title:	cisco-sa-20150128-ghost	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128229_cisco-sa-20150128-ghost-j.html	Trust: 0.8
title:	株式会社バッファローの告知ページ	url:	http://buffalo.jp/support_s/s20150327a.html	Trust: 0.8
title:	TLSA-2015-3	url:	http://www.turbolinux.co.jp/security/2015/TLSA-2015-3j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0235	Trust: 3.8
db:	CERT/CC	id:	VU#967332	Trust: 1.6
db:	BID	id:	91787	Trust: 1.1
db:	BID	id:	72325	Trust: 1.1
db:	PACKETSTORM	id:	167552	Trust: 1.1
db:	PACKETSTORM	id:	164014	Trust: 1.1
db:	PACKETSTORM	id:	130974	Trust: 1.1
db:	PACKETSTORM	id:	153278	Trust: 1.1
db:	PACKETSTORM	id:	130768	Trust: 1.1
db:	PACKETSTORM	id:	130171	Trust: 1.1
db:	SECUNIA	id:	62883	Trust: 1.1
db:	SECUNIA	id:	62690	Trust: 1.1
db:	SECUNIA	id:	62871	Trust: 1.1
db:	SECUNIA	id:	62680	Trust: 1.1
db:	SECUNIA	id:	62517	Trust: 1.1
db:	SECUNIA	id:	62640	Trust: 1.1
db:	SECUNIA	id:	62715	Trust: 1.1
db:	SECUNIA	id:	62812	Trust: 1.1
db:	SECUNIA	id:	62667	Trust: 1.1
db:	SECUNIA	id:	62879	Trust: 1.1
db:	SECUNIA	id:	62813	Trust: 1.1
db:	SECUNIA	id:	62698	Trust: 1.1
db:	SECUNIA	id:	62681	Trust: 1.1
db:	SECUNIA	id:	62692	Trust: 1.1
db:	SECUNIA	id:	62758	Trust: 1.1
db:	SECUNIA	id:	62870	Trust: 1.1
db:	SECUNIA	id:	62816	Trust: 1.1
db:	SECUNIA	id:	62691	Trust: 1.1
db:	SECUNIA	id:	62688	Trust: 1.1
db:	SECUNIA	id:	62865	Trust: 1.1
db:	JUNIPER	id:	JSA10671	Trust: 1.1
db:	SECTRACK	id:	1032909	Trust: 1.1
db:	MCAFEE	id:	SB10100	Trust: 1.1
db:	SIEMENS	id:	SSA-994726	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/05/04/7	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2015/01/27/9	Trust: 0.8
db:	OPENWALL	id:	OSS-SECURITY/2013/09/17/4	Trust: 0.8
db:	OPENWALL	id:	OSS-SECURITY/2015/01/28/18	Trust: 0.8
db:	OPENWALL	id:	OSS-SECURITY/2015/01/29/21	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-007061	Trust: 0.8
db:	JVN	id:	JVNVU92655282	Trust: 0.8
db:	JVN	id:	JVNVU97220341	Trust: 0.8
db:	JVN	id:	JVNVU99234709	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001251	Trust: 0.8
db:	PACKETSTORM	id:	131867	Trust: 0.2
db:	PACKETSTORM	id:	134196	Trust: 0.2
db:	PACKETSTORM	id:	130114	Trust: 0.2
db:	PACKETSTORM	id:	130115	Trust: 0.1
db:	PACKETSTORM	id:	131214	Trust: 0.1
db:	PACKETSTORM	id:	130216	Trust: 0.1
db:	PACKETSTORM	id:	130100	Trust: 0.1
db:	PACKETSTORM	id:	130134	Trust: 0.1
db:	PACKETSTORM	id:	130135	Trust: 0.1
db:	PACKETSTORM	id:	130099	Trust: 0.1
db:	PACKETSTORM	id:	130163	Trust: 0.1
db:	PACKETSTORM	id:	130333	Trust: 0.1
db:	EXPLOIT-DB	id:	36421	Trust: 0.1
db:	EXPLOIT-DB	id:	35951	Trust: 0.1
db:	CNNVD	id:	CNNVD-201501-658	Trust: 0.1
db:	SEEBUG	id:	SSVID-89237	Trust: 0.1
db:	VULHUB	id:	VHN-78181	Trust: 0.1

sources: CERT/CC: VU#967332 // VULHUB: VHN-78181 // JVNDB: JVNDB-2013-007061 // JVNDB: JVNDB-2015-001251 // PACKETSTORM: 134196 // PACKETSTORM: 131867 // PACKETSTORM: 130114 // NVD: CVE-2015-0235

REFERENCES

url:	https://www.qualys.com/research/security-advisories/ghost-cve-2015-0235.txt	Trust: 2.7
url:	http://www.idirect.net/partners/~/media/files/cve/idirect-posted-common-vulnerabilities-and-exposures.pdf	Trust: 1.9
url:	http://lists.apple.com/archives/security-announce/2015/jun/msg00002.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2015/oct/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/72325	Trust: 1.1
url:	http://www.securityfocus.com/bid/91787	Trust: 1.1
url:	http://seclists.org/oss-sec/2015/q1/269	Trust: 1.1
url:	http://seclists.org/oss-sec/2015/q1/274	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/534845/100/0/threaded	Trust: 1.1
url:	https://seclists.org/bugtraq/2019/jun/14	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150128-ghost	Trust: 1.1
url:	http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/	Trust: 1.1
url:	http://linux.oracle.com/errata/elsa-2015-0090.html	Trust: 1.1
url:	http://linux.oracle.com/errata/elsa-2015-0092.html	Trust: 1.1
url:	http://support.apple.com/kb/ht204942	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695695	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695774	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695835	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21695860	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696131	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696243	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696526	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696600	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696602	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21696618	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html	Trust: 1.1
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.1
url:	https://bto.bluecoat.com/security-advisory/sa90	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf	Trust: 1.1
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04874668	Trust: 1.1
url:	https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20150127-0001/	Trust: 1.1
url:	https://support.apple.com/ht205267	Trust: 1.1
url:	https://support.apple.com/ht205375	Trust: 1.1
url:	https://www.f-secure.com/en/web/labs_global/fsc-2015-1	Trust: 1.1
url:	https://www.sophos.com/en-us/support/knowledgebase/121879.aspx	Trust: 1.1
url:	http://www.debian.org/security/2015/dsa-3142	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2015/jan/111	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2019/jun/18	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/sep/0	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2022/jun/36	Trust: 1.1
url:	https://security.gentoo.org/glsa/201503-04	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:039	Trust: 1.1
url:	http://packetstormsecurity.com/files/130171/exim-esmtp-ghost-denial-of-service.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/130768/emc-secure-remote-services-ghost-sql-injection-command-injection.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/130974/exim-ghost-glibc-gethostbyname-buffer-overflow.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/153278/wago-852-industrial-managed-switch-series-code-execution-hardcoded-credentials.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/164014/moxa-command-injection-cross-site-scripting-vulnerable-software.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/167552/nexans-ftto-gigaswitch-outdated-components-hardcoded-backdoor.html	Trust: 1.1
url:	https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability	Trust: 1.1
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/05/04/7	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2015-0126.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1032909	Trust: 1.1
url:	http://secunia.com/advisories/62517	Trust: 1.1
url:	http://secunia.com/advisories/62640	Trust: 1.1
url:	http://secunia.com/advisories/62667	Trust: 1.1
url:	http://secunia.com/advisories/62680	Trust: 1.1
url:	http://secunia.com/advisories/62681	Trust: 1.1
url:	http://secunia.com/advisories/62688	Trust: 1.1
url:	http://secunia.com/advisories/62690	Trust: 1.1
url:	http://secunia.com/advisories/62691	Trust: 1.1
url:	http://secunia.com/advisories/62692	Trust: 1.1
url:	http://secunia.com/advisories/62698	Trust: 1.1
url:	http://secunia.com/advisories/62715	Trust: 1.1
url:	http://secunia.com/advisories/62758	Trust: 1.1
url:	http://secunia.com/advisories/62812	Trust: 1.1
url:	http://secunia.com/advisories/62813	Trust: 1.1
url:	http://secunia.com/advisories/62816	Trust: 1.1
url:	http://secunia.com/advisories/62865	Trust: 1.1
url:	http://secunia.com/advisories/62870	Trust: 1.1
url:	http://secunia.com/advisories/62871	Trust: 1.1
url:	http://secunia.com/advisories/62879	Trust: 1.1
url:	http://secunia.com/advisories/62883	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=142296726407499&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142721102728110&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142722450701342&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=142781412222323&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=143145428124857&w=2	Trust: 1.0
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10671	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10100	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2015/01/27/9	Trust: 0.8
url:	https://security-tracker.debian.org/tracker/cve-2015-0235	Trust: 0.8
url:	https://rhn.redhat.com/errata/rhsa-2015-0099.html	Trust: 0.8
url:	http://lists.suse.com/pipermail/sle-security-updates/2015-january/001186.html	Trust: 0.8
url:	http://www.slackware.com/security/list.php?l=slackware-security&y=2015	Trust: 0.8
url:	https://wiki.ubuntu.com/securityteam/knowledgebase/ghost	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4357	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-4357	Trust: 0.8
url:	https://www.openwall.com/lists/oss-security/2013/09/17/4	Trust: 0.8
url:	http://www.openwall.com/lists/oss-security/2015/01/28/18	Trust: 0.8
url:	http://www.openwall.com/lists/oss-security/2015/01/29/21	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0235	Trust: 0.8
url:	http://www.ipa.go.jp/security/announce/20150129-glibc.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99234709/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97220341/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92655282/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0235	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/967332	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=12	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0235	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10671	Trust: 0.1
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10100	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142296726407499&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142781412222323&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142722450701342&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142721102728110&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=143145428124857&w=2	Trust: 0.1
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://h10145.www1.hpe.com/sso/index.aspx?returnurl=..%2fdownloads%2fdow	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.1
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-0235	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2015-0092.html	Trust: 0.1

CREDITS

Trust: 0.2

sources: PACKETSTORM: 134196 // PACKETSTORM: 131867

SOURCES

db:	CERT/CC	id:	VU#967332
db:	VULHUB	id:	VHN-78181
db:	JVNDB	id:	JVNDB-2013-007061
db:	JVNDB	id:	JVNDB-2015-001251
db:	PACKETSTORM	id:	134196
db:	PACKETSTORM	id:	131867
db:	PACKETSTORM	id:	130114
db:	NVD	id:	CVE-2015-0235

LAST UPDATE DATE

2024-11-20T21:59:40.908000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#967332	date:	2015-10-22T00:00:00
db:	VULHUB	id:	VHN-78181	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-007061	date:	2020-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001251	date:	2016-11-22T00:00:00
db:	NVD	id:	CVE-2015-0235	date:	2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#967332	date:	2015-01-28T00:00:00
db:	VULHUB	id:	VHN-78181	date:	2015-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-007061	date:	2020-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001251	date:	2015-01-29T00:00:00
db:	PACKETSTORM	id:	134196	date:	2015-11-03T16:53:42
db:	PACKETSTORM	id:	131867	date:	2015-05-13T01:22:44
db:	PACKETSTORM	id:	130114	date:	2015-01-27T19:35:59
db:	NVD	id:	CVE-2015-0235	date:	2015-01-28T19:59:00.063