FreeBSD : glibc -- gethostbyname buffer overflow (0765de84-a6c1-11e4-a0c1-c485083ca99c) (GHOST)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Robert Kratky reports :

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This
vulnerability allows a remote attacker that is able to make an
application call to either of these functions to execute arbitrary
code with the permissions of the user running the application. The
gethostbyname() function calls are used for DNS resolving, which is a
very common event. To exploit this vulnerability, an attacker must
trigger a buffer overflow by supplying an invalid hostname argument to
an application that performs a DNS resolution.

See also :

https://access.redhat.com/articles/1332213
http://www.openwall.com/lists/oss-security/2015/01/27/9
http://www.nessus.org/u?9908bd54

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 81062 ()

Bugtraq ID:

CVE ID: CVE-2015-0235

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now