This Exadata vulnerability is related to glibc vulnerability. A heap-based buffer overflow was
found in glibc's __nss_hostname_digits_dots() function, which is used by
the gethostbyname() and gethostbyname2() glibc function calls.
A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
In order to check if your Exadata system suffers from this vulnerability, use:
[root@server ~]# ./ghostest-rhn-cf.sh
vulnerable
The solution and action plan for this vulnerability is available by My Oracle Support in the following document:
glibc vulnerability (CVE-2015-0235) patch availability for Oracle Exadata Database Machine (Doc ID 1965525.1)
A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
In order to check if your Exadata system suffers from this vulnerability, use:
[root@server ~]# ./ghostest-rhn-cf.sh
vulnerable
The solution and action plan for this vulnerability is available by My Oracle Support in the following document:
glibc vulnerability (CVE-2015-0235) patch availability for Oracle Exadata Database Machine (Doc ID 1965525.1)
No comments:
Post a Comment