GHOST Vulnerability (CVE-2015-0235)

On 27 of January Qualys published a critical vulnerability dubbed “GHOST” as it can be triggered by the GetHOST functions ( gethostbyname*() ) of the glibc library shipping with the Linux kernel. Gli...

Updated Jun 06, 2023

Version 2.0

Historic F5 Account

Joined May 04, 2019

View Profile

hoolio

Cirrostratus

Jan 30, 2015

Here's an optimization to the iRule:

when CLIENT_ACCEPTED { 
    TCP::collect 
} 
when CLIENT_DATA { 
    switch -- [string toupper [TCP::payload 5]] {
        "HELO " - 
        "EHLO " { 
            if {[TCP::payload length] > 1000 ) } { 
                log local0. "Detected GHOST exploitation attempt" 
                TCP::close return 
            } 
        }
    }
    TCP::release 
    TCP::collect 
}

GHOST Vulnerability (CVE-2015-0235)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS