On January 27, 2015, the PR firm used by the security vendor Qualys prematurely leaked details of a critical vulnerability in the GNU C library (glibc). The vulnerability is present in all versions of glibc released since 2000.
The vulnerability itself is a heap-based buffer overflow in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the affected application.
Qualys has provided a nice breakdown on their blog to help users better understand the impact and severity.
One important item of note is that Qualys has created a proof-of-concept exploit, which exploits this vulnerability in Exim. At the time of writing, it is understood that Exim is only exploitable if “configured to perform extra security checks on the HELO and EHLO commands (‘helo_verify_hosts’ or ‘helo_try_verify_hosts’ option, or ‘verify = helo’ ACL).” This makes it straightforward to determine whether a given Exim instance is exploitable: check its configuration file for these settings.
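As an added example (not code from this post, Qualys, or the Exim project), the following POSIX shell check scans an Exim configuration file for the three settings quoted above while ignoring commented-out lines. The sample configuration files it writes are constructed, and it assumes the caller supplies the config path and does not follow .include directives.

```shell
# Added example: look for the Exim settings that enable HELO/EHLO
# verification (helo_verify_hosts, helo_try_verify_hosts, "verify = helo").
# Assumption/limitation: .include'd files are not followed, and the config
# path is supplied by the caller (its default location varies by distro).

# Return 0 if HELO/EHLO verification is enabled, 1 if not, 2 if the file
# cannot be read. Comment lines are dropped first, so a commented-out
# "helo_verify_hosts" does not count.
exim_helo_verify_enabled() {
    cfg="$1"
    [ -r "$cfg" ] || return 2
    grep -v '^[[:space:]]*#' "$cfg" |
        grep -Eq '^[[:space:]]*helo_(try_)?verify_hosts[[:space:]]*=|verify[[:space:]]*=[[:space:]]*helo([^[:alnum:]_]|$)'
}

# Constructed sample configs (not real deployments) written to a temp dir;
# prints the directory so callers can point the check at the files.
make_samples() {
    d=$(mktemp -d)
    cat >"$d/verifying.conf" <<'EOF'
primary_hostname = mail.example.test
# helo_verify_hosts = *        <- commented out: must not trigger
begin acl
acl_check_rcpt:
  deny    message = HELO verification failed
          !verify = helo
  accept
EOF
    cat >"$d/plain.conf" <<'EOF'
primary_hostname = mail.example.test
# helo_try_verify_hosts = *
begin acl
acl_check_rcpt:
  require verify = sender
  accept
EOF
    echo "$d"
}

# Stand-alone run: report both samples, then clean up.
d=$(make_samples)
for f in "$d"/*.conf; do
    if exim_helo_verify_enabled "$f"; then
        echo "$f: HELO/EHLO verification ON (matches the exploitable configuration)"
    else
        echo "$f: HELO/EHLO verification off"
    fi
done
rm -rf "$d"
```

On a live host, `exim -bP helo_verify_hosts helo_try_verify_hosts` prints the effective values of the two main-section options, but the `verify = helo` ACL form still has to be found in the configuration text.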
Because the vulnerability details were disclosed ahead of schedule, no patch is yet available for CentOS; one is expected to be released today, and SingleHop is following the planned release of this update very closely. The Debian, Ubuntu, and RHEL distributions have already updated their glibc packages with a fix. CentOS (once available) and RHEL users can apply this update by running “yum -y update glibc.” Debian and Ubuntu users can apply the update by running “apt-get upgrade glibc.”
To determine whether or not your system is vulnerable, you can compile the test code provided by Qualys: