oss-security - Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 27 Jan 2015 18:36:26 -0800
From: Qualys Security Advisory <qsa@...lys.com>
To: endrazine <endrazine@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc
 (CVE-2015-0235)

On Tue, Jan 27, 2015 at 05:47:47PM -0800, endrazine wrote:
> From GHOST.c :
> ...
>   char name[10];
>   memset(name, '0', len);
>   name[len] = '\0';
> ...

Interesting!  But where did you possibly get that code?  Every copy of
our advisory includes the original proof-of-concept, which is quite
different from what you are showing here:

...
  char name[sizeof(temp.buffer)];
...

References:

http://www.openwall.com/lists/oss-security/2015/01/27/9
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

And just in case:

$ md5sum GHOST.c
aa8dbce88e54027dbd4723ccd142f717  GHOST.c

With best regards,

-- 
the Qualys Security Advisory team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.