werd Posted January 28, 2015 Report Share Posted January 28, 2015 Detalizēta informācija pieejama CERT.LV - https://cert.lv/resource/show/604 Quote Link to comment Share on other sites More sharing options...
marrtins Posted January 28, 2015 Report Share Posted January 28, 2015 Psc labs! Quote Link to comment Share on other sites More sharing options...
Roze Posted January 28, 2015 Report Share Posted January 28, 2015 CERTs gan varēja ielikt arī uz orģinālo Advisory: http://www.openwall.com/lists/oss-security/2015/01/27/9 Otrs, iespējams, ka nav tik slikti: > you be willing to publish the list of the reviewed implementations to> reduce the amount of repeated work?Here is a list of potential targets that we investigated (they all callgethostbyname, one way or another), but to the best of our knowledge,the buffer overflow cannot be triggered in any of them:apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,vsftpd, xinetd.That being said, we believe it would be interesting if other peoplecould have a look, just in case we missed something.With best regards,--the Qualys Security Advisory team Quote Link to comment Share on other sites More sharing options...
Roze Posted January 28, 2015 Report Share Posted January 28, 2015 For fun http://lcamtuf.blogspot.com/2015/01/technical-analysis-of-qualys-ghost.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.