GNU C Library vulnerability aka “GHOST”

SERVICE FACTS

Synopsis

A heap-based buffer overflow can be triggered in the __nss_hostname_digits_dots() function of the GNU C Library (glibc), which may allow arbitrary code to be executed. The vulnerable function is used by the gethostbyname() and gethostbyname2() glibc function calls. This vulnerability is commonly referred to as "GHOST".

The formal CVE reference is CVE-2015-0235.

CVSS Scoring (Base): 10.0

Source: National Institute of Standards and Technology http://nvd.nist.gov/home.cfm, US-CERT http://www.kb.cert.org/vuls/

Threat

All versions of glibc from 2.2, and other 2.x versions before 2.18, are vulnerable.
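
A first-pass triage of the version range stated above, as an added example that is not part of the original advisory. It reads the range as 2.2 up to but excluding 2.18 and compares components numerically, because plain string comparison sorts "2.2" after "2.18". The function names are hypothetical and the sample versions are constructed.

```shell
#!/bin/sh
# Added example: triage against the advisory's range, read as 2.2 <= v < 2.18.
# Upstream version numbers only. Distributions backport fixes without changing
# the upstream number, so "in-range" means "check the vendor advisory".

# ghost_in_range VERSION -> status 0 in range, 1 out of range, 2 unparseable
ghost_in_range() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # empty, or not dotted digits
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && return 2           # no minor component
    minor=${rest%%.*}
    [ "$major" -eq 2 ] || return 1
    # Numeric, not lexical: minor 2 is below minor 18.
    [ "$minor" -ge 2 ] && [ "$minor" -lt 18 ]
}

# ghost_classify RAW -> prints in-range, out-of-range or unknown.
# Accepts `getconf GNU_LIBC_VERSION` output ("glibc 2.17") or a bare version.
# Package release strings such as "2.17-157.el7" are reported as unknown on
# purpose: whether a packaged build is fixed is the vendor's call.
ghost_classify() {
    raw=${1#glibc }
    rc=0
    ghost_in_range "$raw" || rc=$?
    case $rc in
        0) echo in-range ;;
        1) echo out-of-range ;;
        *) echo unknown ;;
    esac
}

# ghost_check_host -> classify the C library this shell is running against.
ghost_check_host() {
    if raw=$(getconf GNU_LIBC_VERSION 2>/dev/null); then
        ghost_classify "$raw"
    else
        echo unknown    # not glibc, or getconf is unavailable
    fi
}

echo "this host: $(ghost_check_host)"
for v in 2.2 2.12.1 2.17 2.18 2.1.3; do        # constructed sample versions
    echo "$v: $(ghost_classify "$v")"
done
```
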

Solution / Workaround

All products using glibc version 2.2, and other 2.x versions before 2.18, are affected. Fujitsu is analyzing its products and will update the list below accordingly.

Affected and unaffected products (237 KB)

For products not contained in this list, please contact your service partner.

Other Links

Debian: https://www.debian.org/security/2015/dsa-3142
Red Hat: https://access.redhat.com/articles/1332213
Novell: http://support.novell.com/security/cve/CVE-2015-0235.html
Ubuntu: http://www.ubuntu.com/usn/usn-2485-1/
CentOS: https://www.centos.org/forums/viewtopic.php?f=47&t=50808
CITRIX: http://support.citrix.com/article/CTX200391
CISCO: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost/