[UCI-Linux] CVE-2015-0235 glibc gethostbyname buffer overflow

Mike Iglesias iglesias at uci.edu
Tue Jan 27 10:52:54 PST 2015

A recent code audit of the GNU C library (glibc) has discovered a buffer
overflow in the gethostbyname code that could lead to local or remote code
execution.  This bug affects glibc releases prior to 2.18, and most stable and
long-term support releases could be vulnerable.  This includes CentOS 6 and 7,
RedHat Enterprise 6 and 7, Debian 7, etc.

An exploit has been created that causes the Exim mail server to crash so the
bug is exploitable remotely.

Fixes should be out shortly for affected releases of glibc.  If your system is
affected, you should watch for the update and apply it as soon as possible.

More information is available here:


Mike Iglesias                          Email:       iglesias at uci.edu
University of California, Irvine       phone:       949-824-6926
Office of Information Technology       FAX:         949-824-2270

More information about the UCI-Linux mailing list