Qualys found during a code audit a buffer overflow exploit for gethostbyname() in glibc which they’ve named GHOST. This means that any internet facing software that can be persuaded to do a DNS lookup is potentially vulnerable. To a first approximation that’s everything that’s listening on an internet socket. The details are in CVE-2015-0235. … Continue reading glibc 0-day exploit (GHOST), how we’re handling it