CVE-2015-0235 Ghost Vulnerability

Details:

https://rhn.redhat.com/errata/RHSA-2015-0090.html
Updated glibc packages that fix one security issue are now available for ScopServ Distributions built on CentOS 5.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)

Immediate Recommendations:

In order to protect your server and at the earliest convenience:
From the Linux shell execute (without quotations):

‘scopserv_yum update glibc* -y’

Ensure all updates have completed and then execute (without quotations)

‘reboot’

The minimum package requirements are:

glibc-devel-2.5-123
glibc-2.5-123
glibc-headers-2.5-123
glibc-2.5-123
glibc-common-2.5-123
nscd-2.5-123

Related Articles
ScopServ Vulnerability CVE-2014-1691 January 26, 2015
Scope: ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691. Description: Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing to load and execute ...
ScopTEL is not effected by CVE-2021-44228 log4j vulnerability
ScopServ is aware of the Apache log4j vulnerability and has completed verification that this issue does not affect ScopTEL products or services. Log4j is a java addon, no ScopTEL code is written in Java. On December 9th 2021, Apache published a ...
ScopServ Vulnerability CVE-2014-1691 January 26, 2015 Addendum
In addition to https://service.scopserv.com/support/scopservhq/ShowHomePage.do?articlestatus=published#Solutions/dv/542955000000703295/en If your installation cannot immediately and fully be upgraded as per the product bulletin. You may use this ...
Product Bulletin: RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034)
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034) Executive summary Red Hat is aware of a vulnerability found in pkexec that allows an authenticated user to perform a ...
Module 9 - ScopTEL IP PBX Software - Automatic Provisioning System
Background The APS (Automatic Provisioning System) is used to create the required configuration files needed for many SIP end devices. The APS assigns SIP usernames and passwords, network options, time settings, QoS settings, dial plans , firmware ...

ScopTEL CVE-2015-0235

CVE-2015-0235 Ghost Vulnerability

Related Articles

ScopServ Vulnerability CVE-2014-1691 January 26, 2015

ScopTEL is not effected by CVE-2021-44228 log4j vulnerability

ScopServ Vulnerability CVE-2014-1691 January 26, 2015 Addendum

Product Bulletin: RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034)

Module 9 - ScopTEL IP PBX Software - Automatic Provisioning System