Serious Network Function Vulnerability Found In Glibc

An anonymous reader writes: A very serious security problem has been found and patched in the GNU C Library (Glibc). A heap-based buffer overflow was found in __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to make an application call to either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the program. The vulnerability is easy to trigger as gethostbyname() can be called remotely for applications that do any kind of DNS resolving within the code. Qualys, who discovered the vulnerability (nicknamed "Ghost") during a code audit, wrote a mailing list entry with more details, including in-depth analysis and exploit vectors.

Re:Open source code is open for everyone

You know what you should run away from? Any large group of black people! Everybody knows it is true. Its just not socially acceptable to admit it. BUt when push comes to shove you know you would avoid them. You know it. You will mod me down anyway because that is the socially acceptable thing to do, even knowing what i say is true. Congrats, you are the sheeple, letting the collective do your thinking for you even when you know it is wrong. The health of a neighborhood is directly measurable by the proportion of blacks that inhabit it. Everybody knows it. You might say that is terrible to look good before other people but you know deep down you would not take your wife and small children to a neighborhood that's 85% black and expect to safely raise a family there. You would have some reason to move away, of course it would be "incidental" to the black population but you would find one anyway. Yes, we cannot openly admit it but we all know it is true. This is the insanity of socially defined pseudo-reality. It is why things dont change.