{ "id": "CVE-2015-0235", "sourceIdentifier": "secalert@redhat.com", "published": "2015-01-28T19:59:00.063", "lastModified": "2022-07-05T18:42:42.710", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"" }, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con la funci\u00edn (1) gethostbyname o (2) gethostbyname2, tambi\u00e9n conocido como 'GHOST.'" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0", "versionEndExcluding": "2.18", "matchCriteriaId": "66C0FCBE-FCED-4169-AEED-E70F5B34094D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.7.1", "matchCriteriaId": "03E73D34-9239-46F7-9E98-4132964B2CD8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "E9FDB6EE-EC5D-44F2-AEA0-0B605D5C6742" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D195BC4C-DAC2-4C71-B83B-4149E86B5F42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "E14AECDA-5C63-40F0-81FF-17BBFA487577" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CFEA80F-FC5D-4DAA-8810-3C26F6D8377F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1C1B1DA1-CB11-42D6-9F28-C1588A7A7D45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F696923E-E5AB-4473-B404-A6CCB33B6DB8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "6234C878-15CE-4B71-B825-DA088554A2FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE69A446-E765-4141-83F6-B58EA7E3783A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2.0", "matchCriteriaId": "11A5042B-79F8-4A86-996A-F56B925AAA05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "1F38C38F-5669-448C-9566-783BEC7AB04B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndIncluding": "10.0.1", "matchCriteriaId": "2D37A84E-1FC0-43B2-A8E5-A8E3B26EF0E0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFDB5ADE-F4DF-4054-8628-5EF6C5DB864B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "59C4F882-5B42-43E6-9CCC-D2AB23117A7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB059A52-DE6D-47FB-98E8-5A788E1C0FC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D70580AD-2134-49D3-BE15-020023A10E87" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.1.24", "matchCriteriaId": "90F6AEA6-D52A-4655-9B89-CE5F8AA21E95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*", "matchCriteriaId": "62A2AC02-A933-4E51-810E-5D040B476B7B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*", "matchCriteriaId": "D1137279-81F0-4F6B-8E91-95590106BADF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "37BA55FC-D350-4DEB-9802-40AF59C99E79" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.11.1", "matchCriteriaId": "FC5E0720-43A6-4E46-83B2-A9C228824AB3" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D7AB60B-E38B-42C7-B785-D9520C1F5564" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D657332-C9B9-4E7B-89D9-5AEF3501141A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "575894EE-F13C-4D56-8B63-59A379F63BD2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "18430B37-84B3-4B88-A256-7BE9B48A3A52" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.0", "versionEndExcluding": "5.4.38", "matchCriteriaId": "82D9C83C-2968-4C63-851D-AE8DBEF02296" }, { "vulnerable": true, "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5.0", "versionEndExcluding": "5.5.22", "matchCriteriaId": "B70DA5B9-36FC-44F1-A372-4A736D1CB043" }, { "vulnerable": true, "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.6.0", "versionEndExcluding": "5.6.6", "matchCriteriaId": "E88B9450-0A63-4FEA-98FE-AE92F7E54AA9" } ] } ] } ], "references": [ { "url": "http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://linux.oracle.com/errata/ELSA-2015-0090.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://linux.oracle.com/errata/ELSA-2015-0092.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=142296726407499&w=2", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=142722450701342&w=2", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=142781412222323&w=2", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url": "http://marc.info/?l=bugtraq&m=143145428124857&w=2", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ] }, { "url": "http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2015/Jan/111", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2019/Jun/18", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2021/Sep/0", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2022/Jun/36", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/oss-sec/2015/q1/269", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/oss-sec/2015/q1/274", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "http://secunia.com/advisories/62865", "source": "secalert@redhat.com", "tags": [ "Not Applicable" ] }, { "url": "http://secunia.com/advisories/62870", "source": "secalert@redhat.com", "tags": [ "Not Applicable" ] }, { "url": "http://secunia.com/advisories/62871", "source": "secalert@redhat.com", "tags": [ "Not Applicable" ] }, { "url": "http://secunia.com/advisories/62879", "source": "secalert@redhat.com", "tags": [ "Not Applicable" ] }, { "url": "http://secunia.com/advisories/62883", "source": "secalert@redhat.com", "tags": [ "Not Applicable" ] }, { "url": "http://support.apple.com/kb/HT204942", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695695", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695774", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695835", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695860", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696131", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696243", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696526", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696600", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696602", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21696618", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2015/dsa-3142", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf", "source": "secalert@redhat.com", "tags": [ "Broken Link" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:039", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/archive/1/534845/100/0/threaded", "source": "secalert@redhat.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securityfocus.com/bid/72325", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securityfocus.com/bid/91787", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1032909", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", "source": "secalert@redhat.com", "tags": [ "Broken Link", "Permissions Required" ] }, { "url": "https://bto.bluecoat.com/security-advisory/sa90", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10100", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://seclists.org/bugtraq/2019/Jun/14", "source": "secalert@redhat.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/201503-04", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20150127-0001/", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/HT205267", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://support.apple.com/HT205375", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.f-secure.com/en/web/labs_global/fsc-2015-1", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.sophos.com/en-us/support/knowledgebase/121879.aspx", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] } ] }