Cyber Security Concept by noticias seguridad. Used with Creative Commons Rights. https://www.flickr.com/photos/127899393@N04/

A new critical Linux vulnerability has been announced and nicknamed GHOST. The bug exists in glibc, the GNU C library, and affects many Linux systems dating back to 2000. Attackers can use this flaw to remotely gain control of Linux machines. While time will tell if the problem will be as worrisome as Heartbleed, BEAST or Shellshock, it's worth spending a few minutes to familiarize yourself with GHOST.

GHOST is a serious vulnerability in the Linux glibc library. An attacker who successfully exploits the bug can take complete remote control over a system. CVE-2015-0235 has been created to track the issue.

What is the vulnerability?

Researchers at Qualys discovered a buffer overflow in a function of glibc. The exploit vector can be reached from either the gethostbyname() or gethostbyname2() function.

What is glibc?

Glibc is the GNU C library used on Linux and Unix systems.

What is the risk?

Attackers can potentially gain complete remote control of a compromised system. The researchers supplied an example analysis showing remote exploitation of a system running the Exim mail application. It is safe to assume that many Linux applications make use of the gethostbyname function and would be equally vulnerable.

The vulnerability dates back to 2000 with glibc-2.2 and was subsequently fixed in 2013 with the glibc-2.18 release. However, since the fix was not marked as a security issue, many vendors did not automatically release the update. As a result, many systems today still have a vulnerable glibc version installed. For example, Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04 are marked as vulnerable.

What can you do?

The best action to take is to apply vendor patches as they become available.
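
To help decide which hosts need a patch first, here is an added example (not from the original post or from Qualys): a shell function that classifies a glibc version string against the range given above, introduced in glibc-2.2 and fixed upstream in glibc-2.18. The function names and sample strings are constructed for illustration. Vendors backport fixes without changing the upstream version number, so an "in-range" result means "check the vendor advisory for this package build", not "this host is unpatched".

```shell
#!/bin/sh
# Classify a glibc version string against the GHOST range from the article:
# introduced in glibc-2.2, fixed upstream in glibc-2.18.
# Prints one of: in-range | fixed-upstream | predates-bug | unparseable
ghost_status() {
    # Extract the first MAJOR.MINOR pair from strings such as
    # "glibc 2.17", "2.12-1.149.el6" or "ldd (GNU libc) 2.19".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unparseable; return 0; }
    major=${ver% *}
    minor=${ver#* }

    # Compare the fields as integers. A plain string comparison would sort
    # "2.9" after "2.18" and wrongly report an old library as fixed.
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 2 ]; }; then
        echo predates-bug
    elif [ "$major" -eq 2 ] && [ "$minor" -lt 18 ]; then
        echo in-range
    else
        echo fixed-upstream
    fi
}

# Report the local C library. getconf GNU_LIBC_VERSION prints e.g.
# "glibc 2.17" on glibc systems and fails on non-glibc systems.
check_host() {
    host=$(getconf GNU_LIBC_VERSION 2>/dev/null) || host=""
    echo "host: ${host:-unknown} -> $(ghost_status "$host")"
}

# Constructed sample strings (not taken from any real host).
for v in "glibc 2.12" "2.17-55.el7" "2.9" "glibc 2.18" "musl"; do
    printf '%-14s %s\n' "$v" "$(ghost_status "$v")"
done
check_host
```
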

References:

Qualys Advisory: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html

Ubuntu: https://launchpad.net/ubuntu/+source/eglibc

Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235

GNU C Library: http://www.gnu.org/software/libc/

Mitre: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235