Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.” [CVE]

This vulnerability affects Linux operating systems such as RedHat, Ubuntu, Debian and Oracle Enterprise Linux and should be patched at the earliest convenience.


[CVE] Common Vulnerabilities and Exposures, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

[QUALYS] Qualys Blog, “The GHOST Vulnerability”, https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability