Information on CVE-2015-0235 (GHOST) Vulnerability for Red Hat and CentOS

A vulnerability has been found in the glibc library: a flaw affecting the gethostbyname() and gethostbyname2() function calls that potentially allows a remote attacker to execute arbitrary code. CentOS 5, CentOS 6, and CentOS 7 are potentially affected, so we want to highlight the following information.


XWeb package repositories have been updated. Many servers (barring those with updates disabled) have already received an update that patches this vulnerability; however, a reboot is still required in those cases.

To verify that your glibc has at least received the patch, run the following command on your server:

rpm -q --changelog glibc | grep CVE-2015-0235


If your server has the patch, then you should receive a response similar to:

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).


Be sure to reboot your server after the patch is installed.
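
The reboot matters because processes started before the update keep the old glibc mapped in memory. The script below is an added example, not part of the original article or of Red Hat's guidance. It repeats the changelog check and lists processes that still map a replaced libc; the function names and the "(deleted)" pattern on /proc maps lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are illustrative.

# Same check as the rpm command above: does the installed glibc changelog list the fix?
glibc_patched() {
    rpm -q --changelog glibc 2>/dev/null | grep -q 'CVE-2015-0235'
}

# Reads /proc/<pid>/maps-style lines on stdin. Succeeds if a libc mapping is
# marked "(deleted)", i.e. the file was replaced on disk after the process started.
# Assumption: heuristic pattern; it deliberately skips libcrypto, libcap, etc.
maps_has_stale_libc() {
    grep -Eq '/libc[-.][^ ]* \(deleted\)$'
}

# Prints "pid command" for each process under proc_root (default /proc)
# that still maps the replaced libc. Run as root to see every process.
# The command name is left blank on kernels that do not provide /proc/<pid>/comm.
stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if cat "$maps" 2>/dev/null | maps_has_stale_libc; then
            pid=${maps%/maps}
            pid=${pid##*/}
            printf '%s %s\n' "$pid" "$(cat "$proc_root/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Live check only when asked for, so sourcing the file has no side effects.
if [ "${1:-}" = "--check" ]; then
    if glibc_patched; then
        echo "glibc package: fix for CVE-2015-0235 is in the changelog"
    else
        echo "glibc package: fix NOT found, update glibc first"
    fi
    stale=$(stale_libc_pids)
    if [ -n "$stale" ]; then
        echo "Still running on the old glibc (reboot needed):"
        echo "$stale"
    else
        echo "No process maps a replaced libc"
    fi
fi
```

Run it with --check before and after the reboot; after a successful reboot the list of processes should be empty.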

Red Hat describes the issue as follows:

A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.


Further information on CVE-2015-0235 is available from Red Hat.
