2

CVE-2015-0235, aka "GHOST", is a buffer overflow in glibc. It specifically affects the gethostbyname functions, which are apparently obsolete but still in use.

Obviously the best option is to update ASAP, but glibc requires reboot. For some servers, the cost of unscheduled downtime might be higher than the risk, assuming said risk can be reasonably quantified.

At least one email system is known vulnerable, but what other services call gethostbyname* (or more importantly, don't)? Other than a huge source code search, is there a good way to check?

Foo Bar
  • 161
  • 8

1 Answers1

4

According to this post from Qualys the following daemons are not vulnerable to their knowledge:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd

Still, I would advice to patch all systems asap.

r_3
  • 886
  • 5
  • 9