Recently there has been a flurry of activity and requests concerning the GNU C Library (glibc) vulnerabilities. CVE-2015-0237 could allow an attacker to gain control of an affected system by taking advantage of a vulnerability in the gethostbyname function. CVE-2015-7547 contains a buffer overflow vulnerability in the DNS resolver which could also allow an attacker to take control of an affected system.
I’ve created a document that outlines the steps I would take in identifying, remediating, and validating the GNU glibc vulnerabilities using BladeLogic Server Automation.
This document was generated from the following discussion: GNU C Library (glibc) vulnerabilities.