There’s never a quiet moment, and – if the snow wasn’t enough excitement for you today – a new security vulnerability has been found in the GNU glibc library, dubbed GHOST (CVE-2015-0235). If this doesn’t mean anything to you, it’s a new bug that – whilst not quite at ‘Heartbleed’ on the DEFCON scale – is pretty serious, and if you’re a Linux user it may well affect you, so there are steps that you need to take asap to protect yourself and your business. 


What is GHOST:

In techie terms, GHOST is a heap-based buffer overflow in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. Full details can be found in a public mailing list along with a proof of concept.

In English, it’s a critical Linux security hole which has the possibility to allow attackers to take control of your system without any of the passwords, though this has yet to be proven.

What’s the Risk?

A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.

So, fair to pretty serious.

What services use GNU glibc?

There are a high number of services on GNU Linux that depend on GNU glibc (mysql, bacula, exim ,nginx just to name a few). To check which services depend on GNU glibc you can run the following command:

`lsof | grep libc | awk ‘{print $1}’ | sort | uniq`

What distributions are in scope?

Currently the following distributions are affected:

RHEL 5.x, 6.x and 7.x

CentOS 5.x, 6.x and 7.x

Ubuntu LTS 10.04 and 12.04

Debian version 7

How do I fix this?

There is now a patch in repositories for all major LTS distributions. The patch can be applied using the distributions package manager. Once applied any service that is using GNU glibc will need to be restarted, it’s probably easiest to just reboot the entire server as most services depend on this library.

Do NOT follow this link or you will be banned from the site!