// For flags

CVE-2015-0235

Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

40
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores relacionados con la funciín (1) gethostbyname o (2) gethostbyname2, también conocido como 'GHOST.'

A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-18 CVE Reserved
  • 2015-01-27 CVE Published
  • 2015-01-27 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-05-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (122)
URL Tag Source
http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux Third Party Advisory
http://linux.oracle.com/errata/ELSA-2015-0090.html Third Party Advisory
http://linux.oracle.com/errata/ELSA-2015-0092.html Third Party Advisory
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html Third Party Advisory
http://seclists.org/fulldisclosure/2015/Jan/111 Mailing List
http://seclists.org/oss-sec/2015/q1/269 Mailing List
http://secunia.com/advisories/62517 Not Applicable
http://secunia.com/advisories/62640 Not Applicable
http://secunia.com/advisories/62667 Not Applicable
http://secunia.com/advisories/62680 Not Applicable
http://secunia.com/advisories/62681 Not Applicable
http://secunia.com/advisories/62688 Not Applicable
http://secunia.com/advisories/62690 Not Applicable
http://secunia.com/advisories/62691 Not Applicable
http://secunia.com/advisories/62692 Not Applicable
http://secunia.com/advisories/62698 Not Applicable
http://secunia.com/advisories/62715 Not Applicable
http://secunia.com/advisories/62758 Not Applicable
http://secunia.com/advisories/62812 Not Applicable
http://secunia.com/advisories/62813 Not Applicable
http://secunia.com/advisories/62816 Not Applicable
http://secunia.com/advisories/62865 Not Applicable
http://secunia.com/advisories/62870 Not Applicable
http://secunia.com/advisories/62871 Not Applicable
http://secunia.com/advisories/62879 Not Applicable
http://secunia.com/advisories/62883 Not Applicable
http://support.apple.com/kb/HT204942 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695695 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695774 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695835 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695860 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696131 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696243 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696526 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696600 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696602 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21696618 Third Party Advisory
http://www.idirect.net/Partners/~/media/Files/CVE/iDirect-Posted-Common-Vulnerabilities-and-Exposures.pdf Broken Link
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html Third Party Advisory
http://www.securityfocus.com/bid/72325 Third Party Advisory
http://www.securityfocus.com/bid/91787 Third Party Advisory
http://www.securitytracker.com/id/1032909 Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa90 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf Third Party Advisory
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668 Third Party Advisory
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes Third Party Advisory
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10100 Third Party Advisory
https://security.netapp.com/advisory/ntap-20150127-0001 Third Party Advisory
https://support.apple.com/HT205267 Third Party Advisory
https://support.apple.com/HT205375 Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9 Third Party Advisory
https://www.f-secure.com/en/web/labs_global/fsc-2015-1 Third Party Advisory
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt Third Party Advisory
https://www.sophos.com/en-us/support/knowledgebase/121879.aspx Third Party Advisory
http://r-7.co/1CAnMc0
URL Date SRC
https://packetstorm.news/files/id/181060 2024-09-01
https://packetstorm.news/files/id/167552 2022-06-20
https://packetstorm.news/files/id/164014 2021-09-01
https://packetstorm.news/files/id/153278 2019-06-13
https://packetstorm.news/files/id/130974 2015-03-24
https://packetstorm.news/files/id/130115 2015-01-27
https://packetstorm.news/files/id/130171 2015-01-29
https://www.exploit-db.com/exploits/35951 2015-01-29
https://www.exploit-db.com/exploits/36421 2015-03-18
https://github.com/aaronfay/CVE-2015-0235-test 2015-01-29
https://github.com/makelinux/CVE-2015-0235-workaround 2015-02-04
https://github.com/sUbc0ol/CVE-2015-0235 2017-06-30
https://github.com/mikesplain/CVE-2015-0235-cookbook 2015-01-27
https://github.com/tobyzxj/CVE-2015-0235 2015-01-30
https://github.com/adherzog/ansible-CVE-2015-0235-GHOST 2015-01-28
https://github.com/fser/ghost-checker 2018-05-15
https://github.com/piyokango/ghost 2015-08-13
https://github.com/mholzinger/CVE-2015-0235_GHOST 2016-02-26
https://github.com/favoretti/lenny-libc6 2015-01-28
https://github.com/nickanderson/cfengine-CVE_2015_0235 2016-02-13
https://github.com/koudaiii-archives/cookbook-update-glibc 2023-01-28
https://github.com/F88/ghostbusters15 2015-02-17
https://github.com/arm13/ghost_exploit 2024-08-12
https://github.com/alanmeyer/CVE-glibc 2016-02-26
https://github.com/1and1-serversupport/ghosttester 2022-06-17
https://github.com/chayim/GHOSTCHECK-cve-2015-0235 2020-04-05
https://github.com/limkokholefork/GHOSTCHECK-cve-2015-0235 2021-11-02
https://github.com/furyutei/CVE-2015-0235_GHOST 2024-06-27
http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html 2024-08-06
http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html 2024-08-06
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html 2024-08-06
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html 2024-08-06
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html 2024-08-06
http://seclists.org/fulldisclosure/2019/Jun/18 2024-08-06
http://seclists.org/fulldisclosure/2021/Sep/0 2024-08-06
http://seclists.org/fulldisclosure/2022/Jun/36 2024-08-06
http://seclists.org/oss-sec/2015/q1/274 2024-08-06
http://www.openwall.com/lists/oss-security/2021/05/04/7 2024-08-06
http://www.securityfocus.com/archive/1/534845/100/0/threaded 2024-08-06
https://seclists.org/bugtraq/2019/Jun/14 2024-08-06
URL Date SRC
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html 2024-02-14
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html 2024-02-14
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html 2024-02-14
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html 2024-02-14
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html 2024-02-14
URL Date SRC
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html 2024-02-14
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html 2024-02-14
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html 2024-02-14
http://marc.info/?l=bugtraq&m=142296726407499&w=2 2024-02-14
http://marc.info/?l=bugtraq&m=142721102728110&w=2 2024-02-14
http://marc.info/?l=bugtraq&m=142722450701342&w=2 2024-02-14
http://marc.info/?l=bugtraq&m=142781412222323&w=2 2024-02-14
http://marc.info/?l=bugtraq&m=143145428124857&w=2 2024-02-14
http://rhn.redhat.com/errata/RHSA-2015-0126.html 2024-02-14
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost 2024-02-14
http://www.debian.org/security/2015/dsa-3142 2024-02-14
http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 2024-02-14
https://security.gentoo.org/glsa/201503-04 2024-02-14
https://access.redhat.com/security/cve/CVE-2015-0235 2015-02-04
https://bugzilla.redhat.com/show_bug.cgi?id=1183461 2015-02-04
https://access.redhat.com/security/vulnerabilities/ghost 2015-02-04
https://access.redhat.com/articles/1332213 2015-02-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
 Glibc
Search vendor "Gnu" for product "Glibc"
 >= 2.0 < 2.18
Search vendor "Gnu" for product "Glibc" and version " >= 2.0 < 2.18"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Application Session Controller
Search vendor "Oracle" for product "Communications Application Session Controller"
 < 3.7.1
Search vendor "Oracle" for product "Communications Application Session Controller" and version " < 3.7.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Eagle Application Processor
Search vendor "Oracle" for product "Communications Eagle Application Processor"
 16.0
Search vendor "Oracle" for product "Communications Eagle Application Processor" and version "16.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Eagle Lnp Application Processor
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor"
 10.0
Search vendor "Oracle" for product "Communications Eagle Lnp Application Processor" and version "10.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Lsms
Search vendor "Oracle" for product "Communications Lsms"
 13.1
Search vendor "Oracle" for product "Communications Lsms" and version "13.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Policy Management
Search vendor "Oracle" for product "Communications Policy Management"
 9.7.3
Search vendor "Oracle" for product "Communications Policy Management" and version "9.7.3"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Policy Management
Search vendor "Oracle" for product "Communications Policy Management"
 9.9.1
Search vendor "Oracle" for product "Communications Policy Management" and version "9.9.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Policy Management
Search vendor "Oracle" for product "Communications Policy Management"
 10.4.1
Search vendor "Oracle" for product "Communications Policy Management" and version "10.4.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Policy Management
Search vendor "Oracle" for product "Communications Policy Management"
 11.5
Search vendor "Oracle" for product "Communications Policy Management" and version "11.5"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Policy Management
Search vendor "Oracle" for product "Communications Policy Management"
 12.1.1
Search vendor "Oracle" for product "Communications Policy Management" and version "12.1.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Session Border Controller
Search vendor "Oracle" for product "Communications Session Border Controller"
 < 7.2.0
Search vendor "Oracle" for product "Communications Session Border Controller" and version " < 7.2.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Session Border Controller
Search vendor "Oracle" for product "Communications Session Border Controller"
 7.2.0
Search vendor "Oracle" for product "Communications Session Border Controller" and version "7.2.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Session Border Controller
Search vendor "Oracle" for product "Communications Session Border Controller"
 8.0.0
Search vendor "Oracle" for product "Communications Session Border Controller" and version "8.0.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications User Data Repository
Search vendor "Oracle" for product "Communications User Data Repository"
 >= 10.0.0 <= 10.0.1
Search vendor "Oracle" for product "Communications User Data Repository" and version " >= 10.0.0 <= 10.0.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
 7.0
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
 7.1
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.1"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Webrtc Session Controller
Search vendor "Oracle" for product "Communications Webrtc Session Controller"
 7.2
Search vendor "Oracle" for product "Communications Webrtc Session Controller" and version "7.2"
-
Affected
Oracle
Search vendor "Oracle"
 Exalogic Infrastructure
Search vendor "Oracle" for product "Exalogic Infrastructure"
 1.0
Search vendor "Oracle" for product "Exalogic Infrastructure" and version "1.0"
-
Affected
Oracle
Search vendor "Oracle"
 Exalogic Infrastructure
Search vendor "Oracle" for product "Exalogic Infrastructure"
 2.0
Search vendor "Oracle" for product "Exalogic Infrastructure" and version "2.0"
-
Affected
Oracle
Search vendor "Oracle"
 Vm Virtualbox
Search vendor "Oracle" for product "Vm Virtualbox"
 < 5.1.24
Search vendor "Oracle" for product "Vm Virtualbox" and version " < 5.1.24"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 5
Search vendor "Oracle" for product "Linux" and version "5"
-
Affected
Oracle
Search vendor "Oracle"
 Linux
Search vendor "Oracle" for product "Linux"
 7
Search vendor "Oracle" for product "Linux" and version "7"
0
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Virtualization
Search vendor "Redhat" for product "Virtualization"
 6.0
Search vendor "Redhat" for product "Virtualization" and version "6.0"
-
Affected
Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
 < 10.11.1
Search vendor "Apple" for product "Mac Os X" and version " < 10.11.1"
-
Affected
Ibm
Search vendor "Ibm"
 Pureapplication System
Search vendor "Ibm" for product "Pureapplication System"
 1.0.0.0
Search vendor "Ibm" for product "Pureapplication System" and version "1.0.0.0"
-
Affected
Ibm
Search vendor "Ibm"
 Pureapplication System
Search vendor "Ibm" for product "Pureapplication System"
 1.1.0.0
Search vendor "Ibm" for product "Pureapplication System" and version "1.1.0.0"
-
Affected
Ibm
Search vendor "Ibm"
 Pureapplication System
Search vendor "Ibm" for product "Pureapplication System"
 2.0.0.0
Search vendor "Ibm" for product "Pureapplication System" and version "2.0.0.0"
-
Affected
Ibm
Search vendor "Ibm"
 Security Access Manager For Enterprise Single Sign-on
Search vendor "Ibm" for product "Security Access Manager For Enterprise Single Sign-on"
 8.2
Search vendor "Ibm" for product "Security Access Manager For Enterprise Single Sign-on" and version "8.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.4.0 < 5.4.38
Search vendor "Php" for product "Php" and version " >= 5.4.0 < 5.4.38"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.5.0 < 5.5.22
Search vendor "Php" for product "Php" and version " >= 5.5.0 < 5.5.22"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 >= 5.6.0 < 5.6.6
Search vendor "Php" for product "Php" and version " >= 5.6.0 < 5.6.6"
-
Affected