by matsuu on 1/28/15, 2:34 PM with 11 comments
by gtrubetskoy on 1/28/15, 4:02 PM
"First of all, this vulnerability has long been patched" - not true, it wasn't patched on RedHat and Debian until yesterday.
"many apps are not at risk" - so, what, nothing to worry about?
"the functions that are the subject of this vulnerability are obsolete" - obsolete they may be, but a ton of software still uses them.
"Taken together, the risk of actual exploits targeting GHOST is relatively small compared to other vulnerabilities like Shellshock or Heartbleed." - just because it is not widely known how to exploit this does not imply the risk is small. Let's wait until someone figures this out or the POC exploit is made public.
by hellbantest on 1/28/15, 3:54 PM
Qualys has developed a PoC that runs arbitrary code against a sample target.
by gaius on 1/28/15, 9:27 PM