oss-sec mailing list archives
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
From: linkbc02 <linkbc02 () outlook com>
Date: Fri, 30 Jan 2015 11:09:01 +0100
Sorry Alexander, I quoted the wrong one. I can confirm, Dovecot, at least, got crashed, I asked also Timo S. that is digging about it. Screenshot http://goo.gl/JwhWIf |-----Messaggio originale----- |Da: Solar Designer [mailto:solar () openwall com] |Inviato: venerdì 30 gennaio 2015 10:47 |A: oss-security () lists openwall com |Cc: linkbc02 |Oggetto: Re: [oss-security] GHOST gethostbyname() heap overflow in glibc |(CVE-2015-0235) | |On Fri, Jan 30, 2015 at 10:24:56AM +0100, linkbc02 wrote: |> Dovecot: It seems that libdovecot-storage.so can be triggered and you can |read the core dump |> |> imap[29914]: segfault at 0 ip 00007f1e525263a0 sp 00007fffaeed7818 |> error 4 in libdovecot-storage.so.0.0.0[7f1e5249e000+10f000] | |I reluctantly approved the above posting even though it contains no |indication this has anything to do with GHOST, and it bottom-quotes a |mostly irrelevant message (latest one from the thread). | |linkbc02, if you have any reason to believe this is relevant to GHOST, |then please explain. And if you have no such reason, then please also |state so, and we'll more confidently disregard this false alarm. ;-) | |Alexander
Current thread:
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235), (continued)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)