ID de Prueba:	1.3.6.1.4.1.25623.1.0.105192
Categoría:	Web application abuses
Título:	GNU glibc Remote Heap Buffer Overflow Vulnerability (WordPress)
Resumen:	The remote host is using a version of glibc which is prone to a heap-based buffer-overflow;vulnerability.
Descripción:	Summary: The remote host is using a version of glibc which is prone to a heap-based buffer-overflow vulnerability. Vulnerability Impact: An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts may crash the application, denying service to legitimate users. Solution: Update your glibc and reboot. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0235 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 72325 http://www.securityfocus.com/bid/72325 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search) http://seclists.org/oss-sec/2015/q1/269 Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search) http://seclists.org/oss-sec/2015/q1/274 Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search) http://www.securityfocus.com/archive/1/534845/100/0/threaded Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 http://seclists.org/fulldisclosure/2015/Jan/111 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2021/Sep/0 http://seclists.org/fulldisclosure/2022/Jun/36 https://security.gentoo.org/glsa/201503-04 HPdes Security Advisory: HPSBGN03247 http://marc.info/?l=bugtraq&m=142296726407499&w=2 HPdes Security Advisory: HPSBGN03270 http://marc.info/?l=bugtraq&m=142781412222323&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03330 http://marc.info/?l=bugtraq&m=143145428124857&w=2 HPdes Security Advisory: SSRT101937 HPdes Security Advisory: SSRT101953 http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability https://www.arista.com/en/support/advisories-notices/security-advisories/1053-security-advisory-9 https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://www.openwall.com/lists/oss-security/2021/05/04/7 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://www.securitytracker.com/id/1032909 http://secunia.com/advisories/62517 http://secunia.com/advisories/62640 http://secunia.com/advisories/62667 http://secunia.com/advisories/62680 http://secunia.com/advisories/62681 http://secunia.com/advisories/62688 http://secunia.com/advisories/62690 http://secunia.com/advisories/62691 http://secunia.com/advisories/62692 http://secunia.com/advisories/62698 http://secunia.com/advisories/62715 http://secunia.com/advisories/62758 http://secunia.com/advisories/62812 http://secunia.com/advisories/62813 http://secunia.com/advisories/62816 http://secunia.com/advisories/62865 http://secunia.com/advisories/62870 http://secunia.com/advisories/62871 http://secunia.com/advisories/62879 http://secunia.com/advisories/62883
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.