A New Security Threat for Linux - All about the glibc Ghost Vulnerability


A new security vulnerability named Ghost was discovered by Qualys this week in a library used by some web servers that run on Linux. The vulnerability is potentially very damaging but limited in scope, because a target has to be configured in a very specific way to be vulnerable to attack.

For Ghost to be exploitable, a Linux server must have a vulnerable glibc library installed, and an application on it must call specific functions from that library: gethostbyname() and gethostbyname2(). Applications typically call them when they need to do DNS resolution. These functions can be attacked to cause a buffer overrun, a common class of flaw that can be exploited to gain unauthorized access to servers.

Fortunately, a fix for this particular bug has been available since August 12th, 2013. At the time, it was not known that the bug was a security vulnerability, but the code was corrected anyway.

On top of that, gethostbyname() and gethostbyname2() were made obsolete by the introduction of IPv6. When support for the new addressing scheme was implemented, they were replaced with a new function, getaddrinfo().
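For code that still calls the legacy functions, the move to getaddrinfo() described above can look like the following. This is an added example, not code from Qualys or the glibc project; resolve_host() is a hypothetical helper name and the default host in main() is a constructed sample.

```c
/* Added example, not from the article: resolve_host() is a hypothetical helper. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>

/* Resolve host with getaddrinfo() and write the first address as text into out.
   Returns AF_INET or AF_INET6 on success, -1 on failure. */
int resolve_host(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int family = -1;
    if (host == NULL || out == NULL || outlen == 0)
        return -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;       /* accept IPv4 and IPv6 results */
    hints.ai_socktype = SOCK_STREAM;   /* avoid one duplicate per socket type */
    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;
    for (struct addrinfo *p = res; p != NULL && family < 0; p = p->ai_next) {
        const void *addr;
        if (p->ai_family == AF_INET)
            addr = &((struct sockaddr_in *)p->ai_addr)->sin_addr;
        else if (p->ai_family == AF_INET6)
            addr = &((struct sockaddr_in6 *)p->ai_addr)->sin6_addr;
        else
            continue;
        /* inet_ntop() enforces outlen and fails instead of overrunning out */
        if (inet_ntop(p->ai_family, addr, out, (socklen_t)outlen) != NULL)
            family = p->ai_family;
    }
    freeaddrinfo(res);                 /* the result list is heap-allocated */
    return family;
}

int main(int argc, char **argv)
{
    char text[INET6_ADDRSTRLEN];
    const char *host = argc > 1 ? argv[1] : "127.0.0.1";  /* constructed sample */
    int fam = resolve_host(host, text, sizeof text);
    if (fam < 0)
        return 1;
    printf("%s -> %s (%s)\n", host, text, fam == AF_INET6 ? "IPv6" : "IPv4");
    return 0;
}
```

Unlike gethostbyname*(), getaddrinfo() returns a caller-freed result list rather than a pointer to shared static storage, and the same call covers both IPv4 and IPv6.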

So far, the only major applications impacted by the bug are the WordPress content management system and servers running PHP code that calls the gethostbyname*() functions.

A patch is already available for most distributions of Linux. Update your systems accordingly!

