Subject: | Linux "Ghost" Remote Code Execution Vulnerability |
---|---|
Date: | Tue, 27 Jan 2015 16:11:09 -0600 |
From: | US-CERT <US-...@ncas.us-cert.gov> |
Reply-To: | US-...@ncas.us-cert.gov |
To: | gera...@gmail.com |
National Cyber Awareness System: 01/27/2015 04:39 PM EST
Original release date: January 27, 2015
The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Linux distributions employing glibc-2.18 and later are not affected. US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu and Red Hat. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement. This product is provided subject to this Notification and this Privacy & Use policy.
|