[c-nsp] Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Jan 28 18:14:53 EST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20150128-ghost

Revision 1.0

For Public Release 2015 January 28 22:30  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.

The glibc library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected.

This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVMlqg4pI1I6i1Mx3AQIB3BAAk7tmDO6h92hpzkSFR4cb9gl0ooDPfOXW
nTlaCTcn6Y88prrnUaeE0XPosRJeiooEI7nj3CKbVBBQxF2slbvwb+88Rjx1DZss
8Ilrw2j8nFnfvLTn4mrPJB0LaqQMNImALjzzYahhUiHE3tZ7r2EWuvKiCxGUdQBN
Y+CA1OvSMzoQk35/bNNDPJ4+9GLDLWaXxqmM2AgFf5DU78l3+UpISV4Kdq6DBV9u
E9GMX+u5LPxcUQ1uiuM8b3CaLR337rITz0ZN1KreNwCAj95twPCUF9HaNzWbmiX8
s23JK9Vvn50ulsclyBGR9GGc6c59wqAudJ0EuHn+1Jz68UF9JaGvf6WcV8U5JfZn
SFQFYImpxDzIkeBX/Nu52wHeCY1F9Zus4ZTaQsAOM4vwpL2IQy63GbFXG25o6S8/
IB8r/xdUViCNRd6Crj1updWjoVtKZzC+P8VdAugnLctJXsoQP+rOr2pvm1rKsQjy
9HPR0f6HA2ZNC2nahWuU5vVVozhAlttnMruLYaVxIOYhcoaGCB5EBWQEFSfeeUcF
dvoGrELZlrgUqkZ3ERCHUK8LY7BZn8oiwKVSidl8HRyHDUYFZIQulW+iIg/P9027
q4g/iNM5LBEEGh7JuOEPGhxqO4/wkMGdmiAEhBfGAaKpWXx7x97momIjckl+xvFg
Rh1+9FEfjl0=
=APX3
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list