Date: Sat, 31 Jan 2015 16:11:21 +0500 From: Ammar Brohi <brohiammar@...il.com> To: oss-security@...ts.openwall.com Subject: Re: R: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) I wonder how to detect this vulnerability? Any remote or local script to run? Thanks, On Fri, Jan 30, 2015 at 3:54 PM, linkbc02 <linkbc02@...look.com> wrote: > |If you try upgrading glibc and the issue goes away, _that_ would be a > |reason to suspect relevance. > > Hi, already done > > > # rpm -q glibc > glibc-2.12-1.132.el6_5.2.x86_64 > glibc-2.12-1.132.el6_5.2.i686 > > # yum update glibc > > > # rpm -q glibc > glibc-2.12-1.149.el6_6.5.x86_64 > glibc-2.12-1.149.el6_6.5.i686 > > > > # /etc/init.d/dovecot restart > > > # telnet localhost 143 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready. > 1 login > > 00000000000000000000000000000000000000000000000000000000000000000000000000-c > utted- > > > BAD Error in IMAP command received by server. > > * BAD Error in IMAP command received by server. > > > #dmesg doesn't show anymore segfault and core dump >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ