Remote Code Execution Flaw Patched in glibc Library

ronjor · Feb 16, 2016

By Eduard Kovacs on February 16, 2016

Researchers have discovered a serious remote code execution vulnerability in the GNU C Library, also known as glibc.

glibc, the GNU Project’s implementation of the standard library for the C programming language, is a library used in GNU, Linux and other systems that use Linux as the kernel
Click to expand...

Krusty · Feb 16, 2016

http://www.bbc.com/news/technology-35592916

A major computer security vulnerability has been discovered - with experts cautiously warning it could potentially affect hundreds of thousands of devices, apps and services.
Click to expand...

Nanobot · Feb 17, 2016

OMG WE'RE DOOMED etc etc... Patch is already out since yesterday in all affected distros, moreover the vast majority of embedded devices use uClibc and bionic for android, not glibc. and...

Exploitation:

Remote code execution is possible, but not straightforward. It requires bypassing the security mitigations present on the system, such as ASLR.
Click to expand...

/fear_mongering

Amanda · Feb 17, 2016

Nanobot said: ↑

OMG WE'RE DOOMED etc etc... Patch is already out since yesterday in all affected distros, moreover the vast majority of embedded devices use uClibc and bionic for android, not glibc. and...

/fear_mongering
Click to expand...

Correct. The first thing I did today when I woke up was update my Arch install, and already got the new glibc.

ronjor · Feb 17, 2016

glibc vulnerable to stack buffer overflow in DNS resolver

Original Release date: 17 Feb 2016 | Last revised: 17 Feb 2016
Solution
Apply an update

A patch for glibc is available. Affected users should apply the patch as soon as possible. The patch will also be included as part of the upcoming glibc 2.23 release.
Click to expand...

http://www.kb.cert.org/vuls/id/457759

ronjor · Feb 18, 2016

Magnitude of glibc Vulnerability Coming to Light

by Michael Mimoso Follow @mike_mimoso February 17, 2016 , 4:01 pm

Not since Stagefright have we had a vulnerability with the scale and reach of the glibc flaw disclosed on Tuesday.
Click to expand...

elapsed · Feb 18, 2016

One has to wonder how you can compare an exploit that doesn't affect Android to an exploit that does affect android? i.e. comparing this to Stagefright seems silly.

Log in or Sign up

Remote Code Execution Flaw Patched in glibc Library

ronjor Global Moderator

Krusty Registered Member

Nanobot Registered Member

Amanda Registered Member

ronjor Global Moderator

ronjor Global Moderator

elapsed Registered Member

Log in or Sign up

Remote Code Execution Flaw Patched in glibc Library

ronjor Global Moderator

Krusty Registered Member

Nanobot Registered Member

Amanda Registered Member

ronjor Global Moderator

ronjor Global Moderator

elapsed Registered Member

Useful Searches