Friday, 30 January 2015

Can an executable be scanned for calls to the vulnerable glibc ghost functions?



The GHOST vulnerability has the potential to affect many, many pieces of software that call the gethostbyname() and gethostbyname2() functions. Is there an easy way to scan an executable to determine if it makes use of either of these two vulnerable functions? While this wouldn't tell you if a program was vulnerable, it can tell you if it's NOT vulnerable.


To use either of these functions, I believe the executable (or 3rd party library) must link to it. It seems to me you should be able to scan the executable for a link to the shared library.
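
One way to run the check the question asks about, as an added example rather than code from the original post: parse the dynamic symbol table printed by `readelf --dyn-syms -W` and report undefined (imported) symbols named gethostbyname or gethostbyname2. The sample output and the helper names `ghost_imports` and `scan` are constructed for illustration.

```python
import subprocess
import sys

# The two functions the question names; extend the set if you track others.
GHOST_FUNCS = frozenset({"gethostbyname", "gethostbyname2"})

# Constructed sample of `readelf --dyn-syms -W` output (not from a real binary).
SAMPLE = """\
Symbol table '.dynsym' contains 5 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND gethostbyname@GLIBC_2.2.5 (2)
     3: 0000000000001139    42 FUNC    GLOBAL DEFAULT   14 gethostbyname2
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND gethostbyname_wrapper
"""

def ghost_imports(readelf_text, names=GHOST_FUNCS):
    """Return the sorted names from `names` that are undefined (imported) dynamic symbols."""
    found = set()
    for line in readelf_text.splitlines():
        fields = line.split()
        # Symbol rows look like: Num: Value Size Type Bind Vis Ndx Name [(version)]
        if len(fields) < 8 or not fields[0].rstrip(":").isdigit():
            continue
        ndx, symbol = fields[6], fields[7]
        base = symbol.split("@", 1)[0]  # drop the @GLIBC_x.y version suffix
        # UND means the symbol is resolved from a shared library at load time.
        if ndx == "UND" and base in names:
            found.add(base)
    return sorted(found)

def scan(path):
    """Run readelf on one ELF file and report which named functions it imports."""
    out = subprocess.run(["readelf", "--dyn-syms", "-W", path],
                         capture_output=True, text=True, check=False).stdout
    return ghost_imports(out)

if __name__ == "__main__":
    for target in sys.argv[1:]:
        hits = scan(target)
        print(f"{target}: {', '.join(hits) if hits else 'no direct import'}")
```

Run it over the shared libraries a program loads as well as the executable itself; statically linked binaries and lookups made through dlsym() have no such import entry and will not show up.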




