Serious Network Function Vulnerability Found In Glibc

An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.

Switch back to original Linux libc?

[BaronM]

The libc -> glibc switch was so much fun, that I think we should do it again in reverse!

Re:Open source code is open for everyone

[Serenissima]

I don't get it......Why is it that when a vulnerability is found in FOSS, you people all come out and mock it while ignoring all the incompetence of proprietary software?

I see that this is your first visit to Slashdot. Welcome!

Think you're immune from attacks?

[Rinikusu]

Don't be so glib, see?

I'll be here all night folks. Tip your servers. Make sure they're bolted in, though.

Re:Think you're immune from attacks?

[grcumb]

Don't be so glib, see?

I'll be here all night folks. Tip your servers. Make sure they're bolted in, though.

Don't blow your stack if nobody applauds. It's just that we're overflowing with bad puns, and the funny bits get flipped around, and in the end all we see is some stupid zero on the stage who's only in it for the cache anyway.