CVE-2015-0235 Vulnerability Info for Red Hat and CentOS

A vulnerability has been found in the glibc library: a flaw affecting the gethostbyname() and gethostbyname2() function calls could allow a remote attacker to execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, so we want to highlight the following information.

Liquid Web package repositories have been updated. Many servers (barring those with updates disabled) have received an update that patches this vulnerability; however, a reboot will still be required in those cases.

To verify that your server has at least received the patched glibc package, run the following command on your server:

rpm -q --changelog glibc | grep CVE-2015-0235

If your server has the patch, then you should receive a response similar to:

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).

Be sure to reboot your server after the patch is installed.
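
The changelog check only shows that the patched package is on disk; processes started before the update keep the old library mapped until they are restarted, which is why the reboot matters. The shell script below is an added example (not from Liquid Web or Red Hat) that repeats the changelog check and then lists PIDs whose /proc/<pid>/maps still reference a deleted libc; the function names and the --report flag are this example's own.

```sh
#!/bin/sh
# Added example: is the CVE-2015-0235 fix installed, and is it actually in use?
CVE="CVE-2015-0235"

# Succeeds if the rpm changelog text on stdin mentions the CVE.
changelog_has_fix() {
    grep -q "$CVE"
}

# Print PIDs whose memory maps still reference a deleted libc, i.e. processes
# started before the update. $1 is the proc root (default /proc); run as root
# to read the maps of other users' processes.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc[-.][^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            echo "${pid_dir##*/}"
        fi
    done
}

# Report for the local host; assumes an RPM-based system (CentOS / Red Hat).
report() {
    if rpm -q --changelog glibc | changelog_has_fix; then
        echo "glibc package: fix for $CVE is installed"
    else
        echo "glibc package: fix for $CVE not found, update glibc first"
        return 1
    fi
    pids=$(stale_libc_pids /proc)
    if [ -n "$pids" ]; then
        echo "processes still using the old libc (restart them or reboot):"
        echo "$pids"
        return 2
    fi
    echo "no running process maps a deleted libc"
}

# Run the report only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--report" ]; then
    report
fi
```

Run it as root with --report; an exit status of 2 means the package is patched but at least one process is still running the old library.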

We also have tutorials on How to Check the glibc (GNU libc) Version on CentOS 6 and CentOS 7 and How To Update the glibc (GNU libc) in CentOS / Red Hat.

Red Hat describes the issue as follows:

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Further information on CVE-2015-0235 is available from Red Hat.

About the Author: J. Mays

As a previous contributor, JMays shares his insight with our Knowledge Base center. In our Knowledge Base, you'll be able to find how-to articles on Ubuntu, CentOS, Fedora and much more!
