Attacker Value: Moderate (1 user assessed)
Exploitability: Very High (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

Heap overflow in glibc 2.2 name resolution (CVE-2015-0235)

Disclosure Date: January 28, 2015

Description

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.”

Ratings
  • Attacker Value
    Medium
  • Exploitability
    Very High
Technical Analysis

The Metasploit module for this against Exim (exim_gethostbyname_bof) was pretty useful in 2015, though there are lots of other ways to exploit Exim that kind of show that things haven’t changed a whole lot since then. Hopefully there will be more systematic ways to guard against heap overflows in general on the OS these days, even if it’s at a performance loss (asan?).

CVSS V3 Severity and Metrics
Base Score: None
Impact Score: Unknown
Exploitability Score: Unknown
Vector: Unknown
Attack Vector (AV): Unknown
Attack Complexity (AC): Unknown
Privileges Required (PR): Unknown
User Interaction (UI): Unknown
Scope (S): Unknown
Confidentiality (C): Unknown
Integrity (I): Unknown
Availability (A): Unknown

General Information

Vendors

  • apple
  • debian
  • gnu
  • ibm
  • oracle
  • php
  • redhat

Products

  • communications application session controller
  • communications eagle application processor 16.0
  • communications eagle lnp application processor 10.0
  • communications lsms 13.1
  • communications policy management 10.4.1
  • communications policy management 11.5
  • communications policy management 12.1.1
  • communications policy management 9.7.3
  • communications policy management 9.9.1
  • communications session border controller
  • communications session border controller 7.2.0
  • communications session border controller 8.0.0
  • communications user data repository
  • communications webrtc session controller 7.0
  • communications webrtc session controller 7.1
  • communications webrtc session controller 7.2
  • debian linux 7.0
  • debian linux 8.0
  • exalogic infrastructure 1.0
  • exalogic infrastructure 2.0
  • glibc
  • linux 5
  • linux 7
  • mac os x
  • php
  • pureapplication system 1.0.0.0
  • pureapplication system 1.1.0.0
  • pureapplication system 2.0.0.0
  • security access manager for enterprise single sign-on 8.2
  • virtualization 6.0
  • vm virtualbox
