[HUB] [Security Advisory] CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow

Refers to:

  • Plesk for Linux

Created:

2016-11-16 12:51:06 UTC

Modified:

2016-12-21 19:22:27 UTC


Situation

During a code audit performed internally at Qualys, a heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.

Impact

There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.

More information about CVE-2015-0235 can be found on the Qualys Blog and on the Openwall website.

Solution

To close the vulnerability, install the latest available version of glibc from the OS vendor repository.
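
Updating the package replaces the library on disk, but processes started before the update keep the old libc mapped until they are restarted. The following check is an added example, not part of the original advisory or any vendor tooling: it lists processes whose libc mapping is marked "(deleted)" in /proc/<pid>/maps. The function names and the optional proc-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find processes still running a libc that was replaced on disk.
# Run as root after updating glibc; every PID listed needs a restart
# (or reboot the host) before the updated library is actually in use.

# Reads /proc/<pid>/maps text on stdin. Succeeds if a libc mapping
# (libc-2.x.so or libc.so.N) is backed by a file that no longer exists.
# The [-.] after "libc" keeps libcap, libcrypt, libcurl etc. from matching.
maps_has_stale_libc() {
    grep -Eq '/libc[-.][^/]* \(deleted\)$'
}

# Prints "PID command line" for each process with a stale libc mapping.
# $1 is the proc root (default /proc); it is a parameter only so the
# function can be exercised against a constructed directory tree.
stale_libc_pids() {
    slp_root="${1:-/proc}"
    for slp_maps in "$slp_root"/[0-9]*/maps; do
        [ -r "$slp_maps" ] || continue
        # Opening maps can still fail (process exited, no permission);
        # the braces keep that error message off the terminal.
        if { maps_has_stale_libc < "$slp_maps"; } 2>/dev/null; then
            slp_pid="${slp_maps%/maps}"
            slp_pid="${slp_pid##*/}"
            slp_cmd=""
            if [ -r "$slp_root/$slp_pid/cmdline" ]; then
                # cmdline is NUL-separated; make it printable.
                slp_cmd=$(tr '\000' ' ' < "$slp_root/$slp_pid/cmdline")
            fi
            printf '%s %s\n' "$slp_pid" "$slp_cmd"
        fi
    done
}

stale_libc_pids /proc
```

An empty result means no running process still maps the replaced library; statically linked binaries are not covered by this check.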

Call to Action

Install the security patch following the instructions provided in these Parallels Knowledge Base articles:

Fixed versions of glibc have been released by the OS vendors:

Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Parallels for important product-related information via these methods:
