oss-sec mailing list archives
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: Jonathan Brossard <endrazine () gmail com>
Date: Tue, 27 Jan 2015 18:19:48 -0800
Dear Qualys team, dear list,
From GHOST.c : ... char name[10]; memset(name, '0', len); name[len] = '\0'; ...
I have been made aware off line that I have been working with an edited version of GHOST.c : the original version has a name buffer of size 1024, which is indeed perfectly fine to copy 991 + 1 byte ! There is no stack overflow in the original GHOST.c code : my humble appology for the noise :( Best regards, j-
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jonathan Brossard (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)