
That's a great writeup. It will be really interesting to see how they achieve remote code execution under those limitations.

Also surprising to note that we've been vulnerable since November 2000.



They give it away (which I find moderately not nice of them) by saying they used Exim (the mail server) in their POC.


The default Exim config seems to not be vulnerable.

I checked the configs on two of my systems, one default and one heavily customized; neither had the HELO verification turned on.



