CVE-2015-0235

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

References

http://seclists.org/oss-sec/2015/q1/274

http://seclists.org/oss-sec/2015/q1/269

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

http://secunia.com/advisories/62691

http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux/

http://linux.oracle.com/errata/ELSA-2015-0090.html

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671

http://www-01.ibm.com/support/docview.wss?uid=swg21695835

https://kc.mcafee.com/corporate/index?page=content&id=SB10100

http://secunia.com/advisories/62698

http://linux.oracle.com/errata/ELSA-2015-0092.html

http://secunia.com/advisories/62692

https://bto.bluecoat.com/security-advisory/sa90

http://secunia.com/advisories/62690

http://www-01.ibm.com/support/docview.wss?uid=swg21695860

http://secunia.com/advisories/62715

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

http://secunia.com/advisories/62688

http://secunia.com/advisories/62681

http://secunia.com/advisories/62667

https://www.sophos.com/en-us/support/knowledgebase/121879.aspx

http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html

http://secunia.com/advisories/62517

http://secunia.com/advisories/62640

http://secunia.com/advisories/62680

http://seclists.org/fulldisclosure/2015/Jan/111

http://www-01.ibm.com/support/docview.wss?uid=swg21696600

http://secunia.com/advisories/62883

http://secunia.com/advisories/62870

http://secunia.com/advisories/62871

http://www-01.ibm.com/support/docview.wss?uid=swg21696526

http://secunia.com/advisories/62879

http://www-01.ibm.com/support/docview.wss?uid=swg21696602

http://secunia.com/advisories/62865

http://www-01.ibm.com/support/docview.wss?uid=swg21696618

http://www-01.ibm.com/support/docview.wss?uid=swg21696243

http://www.debian.org/security/2015/dsa-3142

http://rhn.redhat.com/errata/RHSA-2015-0126.html

http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html

http://www.securityfocus.com/bid/72325

http://www.mandriva.com/security/advisories?name=MDVSA-2015:039

http://marc.info/?l=bugtraq&m=142721102728110&w=2

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf

http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html

http://marc.info/?l=bugtraq&m=142781412222323&w=2

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html

http://support.apple.com/kb/HT204942

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

https://support.apple.com/HT205267

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

https://support.apple.com/HT205375

http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

http://www.securityfocus.com/bid/91787

http://marc.info/?l=bugtraq&m=142722450701342&w=2

http://marc.info/?l=bugtraq&m=142296726407499&w=2

http://marc.info/?l=bugtraq&m=143145428124857&w=2

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668

https://www.f-secure.com/en/web/labs_global/fsc-2015-1

http://www-01.ibm.com/support/docview.wss?uid=swg21696131

http://www-01.ibm.com/support/docview.wss?uid=swg21695774

http://www-01.ibm.com/support/docview.wss?uid=swg21695695

http://secunia.com/advisories/62816

http://secunia.com/advisories/62813

http://secunia.com/advisories/62812

http://secunia.com/advisories/62758

https://security.gentoo.org/glsa/201503-04

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securitytracker.com/id/1032909

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://security.netapp.com/advisory/ntap-20150127-0001/

http://www.securityfocus.com/archive/1/534845/100/0/threaded

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

http://seclists.org/fulldisclosure/2019/Jun/18

https://seclists.org/bugtraq/2019/Jun/14

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf

http://www.openwall.com/lists/oss-security/2021/05/04/7

http://seclists.org/fulldisclosure/2021/Sep/0

http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html

https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9

Details

Source: MITRE

Published: 2015-01-28

Updated: 2021-11-17

Type: CWE-787

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:communications_application_session_controller:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:-:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_application_processor:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_policy_management:9.7.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_policy_management:9.9.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_policy_management:10.4.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_policy_management:11.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_policy_management:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_border_controller:*:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_border_controller:7.2.0:-:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:* versions from 10.0.0 to 10.0.1 (inclusive)

cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:ibm:pureapplication_system:1.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:pureapplication_system:1.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:pureapplication_system:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2:*:*:*:*:*:*:*

Tenable Plugins

View all (59 total)

IDNameProductFamilySeverity
125004EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)NessusHuawei Local Security Checks
high
124889EulerOS Virtualization for ARM 64 3.0.1.0 : glibc (EulerOS-SA-2019-1386)NessusHuawei Local Security Checks
high
98829PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)Web Application ScanningComponent Vulnerability
critical
104998Check Point Gaia Operating Remote Heap Buffer Overflow (sk104443)(GHOST)NessusFirewalls
high
92412Cisco NX-OS GNU C Library (glibc) Buffer Overflow (GHOST)NessusCISCO
high
9324Mac OS X 10.9.5 or later < 10.11.1 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
88783OracleVM 3.3 : glibc (OVMSA-2016-0013) (GHOST)NessusOracleVM Local Security Checks
high
87327Xerox WorkCentre 77XX Multiple Vulnerabilities (XRX15R) (FREAK) (GHOST)NessusMisc.
critical
87322Xerox ColorQube 92XX Multiple OpenSSL Vulnerabilities (XRX15AD) (FREAK) (GHOST) (POODLE)NessusMisc.
critical
86829Mac OS X Multiple Vulnerabilities (Security Updates 2015-004 / 2015-007)NessusMacOS X Local Security Checks
critical
86654Mac OS X < 10.11.1 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
8982Mac OS X < 10.11 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
8801Mac OS X < 10.10.4 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
86270Mac OS X < 10.11 Multiple Vulnerabilities (GHOST)NessusMacOS X Local Security Checks
critical
86009F5 Networks BIG-IP : GHOST: glibc gethostbyname buffer overflow vulnerability (K16057) (GHOST)NessusF5 Networks Local Security Checks
high
85449Cisco Unified Communications Manager IM and Presence GNU C Library (glibc) Buffer Overflow (CSCus69785) (GHOST)NessusCISCO
critical
84489Mac OS X Multiple Vulnerabilities (Security Update 2015-005) (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
84488Mac OS X 10.10.x < 10.10.4 Multiple Vulnerabilities (GHOST) (Logjam)NessusMacOS X Local Security Checks
critical
8677PHP 5.4.x < 5.4.38 / 5.5.x < 5.5.22 / 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)Nessus Network MonitorWeb Servers
critical
82122Debian DLA-139-1 : eglibc security update (GHOST)NessusDebian Local Security Checks
high
82043Amazon Linux AMI : php55 (ALAS-2015-494) (GHOST)NessusAmazon Linux Local Security Checks
high
81829Amazon Linux AMI : php54 (ALAS-2015-493) (GHOST)NessusAmazon Linux Local Security Checks
high
81689GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)NessusGentoo Local Security Checks
high
81596Cisco IOS XR GNU C Library (glibc) Buffer Overflow (GHOST)NessusCISCO
critical
81595Cisco IOS XE GNU GNU C Library (glibc) Buffer Overflow (CSCus69731) (GHOST)NessusCISCO
critical
81594Cisco IOS XE GNU C Library (glibc) Buffer Overflow (CSCus69732) (GHOST)NessusCISCO
critical
81559FreeBSD : php5 -- multiple vulnerabilities (f7a9e415-bdca-11e4-970c-000c292ee6b8) (GHOST)NessusFreeBSD Local Security Checks
high
81546Cisco Unified Communications Manager Remote Buffer Overflow (CSCus66650) (GHOST)NessusCISCO
critical
81512PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)NessusCGI abuses
critical
81511PHP 5.5.x < 5.5.22 Multiple Vulnerabilities (GHOST)NessusCGI abuses
critical
81510PHP 5.4.x < 5.4.38 Multiple Vulnerabilities (GHOST)NessusCGI abuses
critical
81423Cisco Application Control Engine GNU glibc gethostbyname Function Buffer Overflow Vulnerability (cisco-sa-20150128-ghost) (GHOST)NessusCISCO
critical
81408Cisco TelePresence Video Communication Server GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)NessusCISCO
critical
81407Cisco TelePresence Conductor GNU glibc gethostbyname Function Buffer Overflow Vulnerability (GHOST)NessusCISCO
critical
81280Mandriva Linux Security Advisory : glibc (MDVSA-2015:039)NessusMandriva Local Security Checks
high
81200RHEL 6 : rhev-hypervisor6 (RHSA-2015:0126) (GHOST)NessusRed Hat Local Security Checks
medium
81167Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)NessusPalo Alto Local Security Checks
high
81136openSUSE Security Update : glibc (openSUSE-SU-2015:0184-1) (GHOST)NessusSuSE Local Security Checks
high
81125SuSE 10 Security Update : glibc (ZYPP Patch Number 9035)NessusSuSE Local Security Checks
high
81119OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)NessusOracleVM Local Security Checks
high
81118OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)NessusOracleVM Local Security Checks
high
81104RHEL 4 : glibc (RHSA-2015:0101) (GHOST)NessusRed Hat Local Security Checks
high
81103OracleVM 3.3 : glibc (OVMSA-2015-0022) (GHOST)NessusOracleVM Local Security Checks
high
81099Oracle Linux 4 : glibc (ELSA-2015-0101) (GHOST)NessusOracle Linux Local Security Checks
high
81075Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : glibc (SSA:2015-028-01) (GHOST)NessusSlackware Local Security Checks
high
81068RHEL 5 / 6 : glibc (RHSA-2015:0099) (GHOST)NessusRed Hat Local Security Checks
high
81062FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)NessusFreeBSD Local Security Checks
high
81044Oracle Linux 5 : glibc (ELSA-2015-0090) (GHOST)NessusOracle Linux Local Security Checks
high
81042Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1) (GHOST)NessusUbuntu Local Security Checks
high
81038Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64 (20150127) (GHOST)NessusScientific Linux Local Security Checks
high
81037Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20150127) (GHOST)NessusScientific Linux Local Security Checks
high
81034RHEL 6 / 7 : glibc (RHSA-2015:0092) (GHOST)NessusRed Hat Local Security Checks
high
81033RHEL 5 : glibc (RHSA-2015:0090) (GHOST)NessusRed Hat Local Security Checks
high
81031Oracle Linux 6 / 7 : glibc (ELSA-2015-0092) (GHOST)NessusOracle Linux Local Security Checks
high
81029Debian DSA-3142-1 : eglibc - security updateNessusDebian Local Security Checks
high
81026CentOS 6 / 7 : glibc (CESA-2015:0092) (GHOST)NessusCentOS Local Security Checks
high
81025CentOS 5 : glibc (CESA-2015:0090) (GHOST)NessusCentOS Local Security Checks
high
81039SuSE 11 Security Update : glibc (SAT Patch Numbers 10202,10204,10206)NessusSuSE Local Security Checks
high
81024Amazon Linux AMI : glibc (ALAS-2015-473)NessusAmazon Linux Local Security Checks
high