Based on some facts:
1. Run the famous GHOST.c and print out "not vulnerable" with 2.17-93ubuntu4 libc6.
2. The patch was in on May 21, 2013, between the release of glibc-2.17 and 2.18.
3. Tomsguide said 13.10 and later are immune.
4. A comment from Y Combinator said no.
However, Qualys said 2.17 should have a problem right?
Following the patch...
Let's get the glibc source 2.17-93ubuntu4
# apt-get source eglibc
# head debian/changelog
eglibc (2.17-93ubuntu4) saucy; urgency=low
# vi nss/digits_dots.c
matches
Yea it was patched.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment