A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i: ./GHOST
B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST.c test i: ./GHOST
C. Download the GHOST file to a Linux system and compile gcc -o GHOST.c test i: ./GHOST
D. Download the GHOST file to a Windows system and compile gcc -o GHOST test i: ./GHOST
C is correct
https://titanwolf.org/Network/Articles/Article?AID=16888ad1-f109-4a62-9b64-fd71015515d5#gsc.tab=0
Answer should be C.
Ghost vulnerability is a Linux glibc library vulnerability. Not Windows.
What is about -o option? There is no output file name except in option B.
Or the output file name is optional?