CVE-2015-0235: “Highlights”

Please don’t over hype the vulnerability. Here’s the quick and dirty things you need to know.

1.CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems using older versions of the GNU C Library (glibc versions less than 2.18).

2.glibc is a core component of Linux used to implement C libraries.

3.Patch existed in 2013 and is included with glibc-2.18.

4.It’s not another Heartbleed; the attack surface is still largely unknown.

5.Capable of remote or local execution.

6.In contrast to a vulnerability like Heartbleed, this issue is not always exploitable. In fact,
in a general sense, this is not an easy bug to exploit.
a.Only one easily-exploitable case has been identified so far, Exim Mail Server.

7.This issue is difficult to test for, as the full attack surface is not yet known.
a.Glibc Version checks:
i.root$ /lib/x86_64-linux-gnu/libc.so.6
ii.root$ ldd –version

8.Deep dive here: http://www.openwall.com/lists/oss-security/2015/01/27/9

Advertisements