Date: Sat, 31 Jan 2015 16:11:21 +0500 From: Ammar Brohi <brohiammar@...il.com> To: oss-security@...ts.openwall.com Subject: Re: R: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) I wonder how to detect this vulnerability? Any remote or local script to run? Thanks, On Fri, Jan 30, 2015 at 3:54 PM, linkbc02 <linkbc02@...look.com> wrote: > |If you try upgrading glibc and the issue goes away, _that_ would be a > |reason to suspect relevance. > > Hi, already done > > > # rpm -q glibc > glibc-2.12-1.132.el6_5.2.x86_64 > glibc-2.12-1.132.el6_5.2.i686 > > # yum update glibc > > > # rpm -q glibc > glibc-2.12-1.149.el6_6.5.x86_64 > glibc-2.12-1.149.el6_6.5.i686 > > > > # /etc/init.d/dovecot restart > > > # telnet localhost 143 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > STARTTLS AUTH=PLAIN AUTH=LOGIN] IMAP ready. > 1 login > > 00000000000000000000000000000000000000000000000000000000000000000000000000-c > utted- > > > BAD Error in IMAP command received by server. > > * BAD Error in IMAP command received by server. > > > #dmesg doesn't show anymore segfault and core dump >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.