Ghost vulnerability leaves Linux systems vulnerable

A critical vulnerability has been identified in the Linux GNU C Library (glibc), which is a commonly used component of most Linux distributions. This security vulnerability GHOST (CVE-2015-0235) was discovered by the Qualys. The flaw in Glibc exposes a buffer overflow that can be triggered locally and remotely in the “gethostbyname” functions.
It’s unclear whether attackers have been aware or exploiting this vulnerability before it was found but as its now become common knowledge we can expect that a lot of cyber attacker will attempt to use this vulnerability to exploit system.

Video Provided by Qualys on this security vulnerability.

 

CVE:
CVE-2015-0235

RISK:
This vulnerability this security hole could allow attackers to execute malicious code on servers and remotely gain control of Linux system.
A flaw in a commonly used component in most Linux distributions could allow an attacker to take remote control of a system after merely sending a malicious email.

Impact:
GHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords).

To execute the exploit code a hackers first need to gain access to a venerable system. So if you Linux server is secure with no existing vulnerabilities and you do not allow unauthorised file to be opened or executed on the system then the risk of impact is low

Some of the Affected Linus Distributions:

  • Debian 7 (wheezy),
  • Red Hat Enterprise Linux 6 & 7,
  • CentOS 6 & 7
  • Ubuntu 12.04

 

Best Course Of Action:
Mitigate the risk is to apply a patch from your Linux vendor

 

Detection:

To identify the version of glibc on your Linux system, run this command:
#ldd –version

To identify what file on your system are using glibc, run the  following command :
# lsof | grep libc | awk ‘{print $1}’ | sort | uniq

 

 

More Info can be found on the Qualys  Blog

None found.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You might also likeclose