Security News #0x7E
- A vulnerability in glibc that affects the gethostbyname function was announced by Qualys. As seems to be all the rage, it was given a nickname, in this case “ghost”. I prefer the easier to remember CVE-2015-0235, though it should be noted that this is marked as reserved rather than assigned in the various databases. Ars Technica has a broad overview of the vulnerability. Because this affects a commonly used library, there are many applications that could potentially be vulnerable; for a list, check out the Sucuri blog. After some reading though, my conclusion is that the best technical analysis is available at lcamtuf’s blog; it should be required reading.
- I read a wonderful blog post where they build and run a functioning C program without a main() function. In fact, the entire program (which prints “Hello World!” to the screen) consists of a single variable declaration. Intrigued? Check it out.
- Do you want root on a Nexus 5 with Android 4.4.4? Packetstorm has proof of concept code.