You are here
GHOST Vulnerability
Last update on 29. January 2015 - 10:33.
GHOST is a serious vulnerability in the Linux glibc library. A heap-based buffer overflow can be caused by injecting a specially crafted IP address argument to the DNS resolving functions gethostbyname and gethostbyname2. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.
Airlock WAF including Airlock Authentication Service are not affected.
All arguments resolved by gethostbyname are trusted in Airlock. They are either statically pre-configured or configured in the Configuration Center and can not be modified by an attacker.
For all vulnerable back-end systems and if exploitation of the vulnerability can not be ruled out we recommend to update glibc with patches from your Linux vendor.