Linux "Ghost" Remote Code Execution Vulnerability

Polytropon freebsd at
Thu Jan 29 02:38:49 UTC 2015

On Wed, 28 Jan 2015 14:52:47 -0500, Jerry wrote:
> Does this vulnerability affect FreeBSD?

FreeBSD's gethostbyname() is located in the standard C library,
which is libc, not glibc (that Linux is using), so probably
FreeBSD is not affected. However, programs linked against
glibc and run in the Linux ABI environment might be affected,
I assume.

You can find a demonstration program here:

It's in section 4.

On my home system, I get this:

	% cc -Wall -o ghost ghost.c
	% ./ghost
	should not happen

Surprise: Neither "vulnerable" nor "not vulnerable" is printed.
That result is interesting. It might indicate ternary logic.

Note that 4.1 explicitly talks about "The GNU C Library"
which FreeBSD does not use (or have). Section 4 mentions
other programs (such as mount.nfs, ping, procmail) for
further explanation.

