Veiligheidswaarschuwing: “Ghost” lek in Linux distributies

Beste klanten,

Recent werd er een lek gevonden in bijna alle Linux distributies via de “Name Service Switch (nss) library”. Deze bug staat mensen toe om toegang te krijgen tot deze systemen en hierop code uit te voeren.

U kan onderaan dit bericht verdere informatie terugvinden, alsook de uitleg hoe u dit lek kan sluiten. Edpnet heeft haar systemen reeds ge├╝pdatet, we raden onze klanten aan om hetzelfde te doen.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Bron en info: http://ma.ttias.be

Met vriendelijke groeten, Het edpnet team


Security bulletin: “Ghost” vulnerability on Linux devices

Dear customers,

Recently a critical security bug has been found with the Name Service Switch (nss) library in almost all Linux distributions. This bug can allow attackers to gain access to affected systems remotely by possibility to remotely execute arbitrary machine code without permissions.

Information on this bug and how it can be resolved can be found below. Edpnet has already patched this vulnerability on all of its servers, and we strongly advice our customers to do the same.

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

Source and info: http://ma.ttias.be

Best regards,The edpnet team

*All times are listed in CET, Central European Time