During a code audit performed internally at Qualys, a heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.
This vulnerability carries a remote code execution risk: an attacker who exploits it can gain complete control of the compromised system.
To close the vulnerability, install the latest available version of
glibc from the OS vendor repository on every Linux server in the infrastructure.
Call to action
- Update the glibc package on every Linux host in the infrastructure:
  yum update glibc
- Restart network services having external access (for example Apache, SSH, MySQL, pem, pemui)
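The restart step matters because a process started before the update keeps the old glibc mapped in memory until it is restarted; updating the package on disk alone does not protect it. The following POSIX shell script is an added example (not part of the original advisory) that finds such processes by looking for libc mappings in /proc/<pid>/maps whose backing file the kernel marks as "(deleted)", which is what happens after the package manager replaces the library file. The function names, the SAMPLE_MAPS_STALE text and the regular expression are this example's own assumptions; the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect running processes that still use a glibc that has
# been replaced on disk (e.g. after "yum update glibc") and therefore need
# a restart. Assumes a Linux /proc filesystem; run as root to see every
# process, since /proc/<pid>/maps of other users' processes is not readable.

# Read /proc/<pid>/maps-formatted text on stdin; succeed (exit 0) if any
# libc mapping is marked "(deleted)". Matches /libc-2.17.so and /libc.so.6
# style names but not e.g. libcrypto, because the character after "libc"
# must be "-" or ".". Kept free of /proc access so it can be run on
# constructed input.
has_stale_libc() {
    grep -Eq '/libc[-.][^[:space:]]* \(deleted\)$'
}

# Scan every live process and print "pid comm" for each one that still has
# the old libc mapped. Unreadable or vanished processes are skipped.
list_stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if has_stale_libc 2>/dev/null < "$maps"; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed sample (not captured from a real host): what maps looks like
# for a process started before glibc was replaced on disk.
SAMPLE_MAPS_STALE='7f2a1c000000-7f2a1c1c0000 r-xp 00000000 08:01 131077 /lib64/libc-2.17.so (deleted)
7f2a1c3c0000-7f2a1c3c4000 r--p 001c0000 08:01 131077 /lib64/libc-2.17.so (deleted)
7f2a1c5e0000-7f2a1c601000 r-xp 00000000 08:01 131070 /lib64/ld-2.17.so'

# Constructed sample for a process that already runs on the updated library.
SAMPLE_MAPS_FRESH='7f2a1c000000-7f2a1c1c0000 r-xp 00000000 08:01 131099 /lib64/libc-2.17.so
7f2a1c5e0000-7f2a1c601000 r-xp 00000000 08:01 131070 /lib64/ld-2.17.so'

# Demonstrate on the constructed input, then scan the live system.
if printf '%s\n' "$SAMPLE_MAPS_STALE" | has_stale_libc; then
    echo "constructed sample: stale libc mapped, restart required"
fi
echo "processes on this host still using a replaced libc (empty if none):"
list_stale_processes
```

After `yum update glibc`, confirm the installed version with `rpm -q glibc`, then run the script; every process it lists (and at minimum the externally reachable services named above) should be restarted, or the host rebooted, before the update can be considered effective.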