Ghost Vulnerability

A critical vulnerability has been discovered in the GNU C Library (glibc). The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library and a core part of the Linux operating system.

The GNU C Library (glibc), which is used in most Linux distributions, is prone to a heap-based buffer overflow vulnerability that allows local and remote attackers to execute arbitrary code on vulnerable systems. The vulnerability was discovered by researchers at Qualys and has been assigned CVE-2015-0235.

The vulnerability exists in the __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls, hence the name GHOST (GetHOST) vulnerability. The vulnerability can be triggered via the gethostbyname() and gethostbyname2() functions. Successful exploitation allows local or remote attackers to execute arbitrary code. An attacker can also bypass security protection mechanisms such as NX, ASLR and PIE on both 32-bit and 64-bit systems.

The GNU C Library (glibc) is used in most Linux-based appliances from different vendors, and it is a core component of Linux systems. Similar to Heartbleed, Shellshock and POODLE, this affects a wide range of applications. Due to its nature and the wide range of affected products, it is rated as a critical vulnerability.

According to Qualys, this bug was fixed in 2013, but as a minor bug fix rather than a security fix, so vendors using glibc at that time did not pick up the update. As a result, many stable and LTS (long term support) distributions are affected by this vulnerability, including Debian 7, RHEL 6 & 7, CentOS 6 & 7, Ubuntu 12.04 etc.

Simple steps to check whether the GNU C Library is vulnerable:

  1. We can download a tool from the University of Chicago that will let us test our system for the vulnerability.
    • wget
  2. Run the following commands:
    • gcc GHOST.c -o GHOST
    • ./GHOST
  3. The above command reports whether the system is vulnerable or not vulnerable:
    • vulnerable

We strongly suggest applying the latest available patches from your vendor as soon as possible. You need to reboot for the changes to take effect.
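The reboot matters because a running process keeps the old glibc mapped in memory even after the file on disk has been replaced. The script below is an added example, not part of the original post or of any vendor tool: it reads /proc/<pid>/maps to list processes that still map a replaced libc. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: after a glibc update, report processes that still map the
# old libc, which the package manager has unlinked from disk.

# stale_libc_in_maps FILE
# Exit 0 if FILE (in /proc/<pid>/maps format) has a libc mapping whose
# backing file is marked "(deleted)", otherwise exit non-zero.
stale_libc_in_maps() {
    awk '
        # Field 6 is the mapped path; the kernel appends "(deleted)" as a
        # further field once that file has been unlinked or replaced.
        $6 ~ /\/libc(-[0-9.]+)?\.so(\.[0-9]+)?$/ && $NF == "(deleted)" { found = 1 }
        END { exit !found }
    ' "$1"
}

# list_stale_libc_processes [PROC_ROOT]
# Print "PID COMMAND" for each process under PROC_ROOT (default /proc)
# that still runs on a deleted libc. Unreadable or vanished PIDs are skipped.
list_stale_libc_processes() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if stale_libc_in_maps "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            comm=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "${pid_dir##*/}" "$comm"
        fi
    done
    return 0
}

# make_sample_proc: build a constructed /proc-like tree for a dry run.
# PID 101 still maps the replaced library; PID 202 maps the current one.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    echo sshd > "$root/101/comm"
    echo cron > "$root/202/comm"
    echo '7f3a00000000-7f3a001bb000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)' > "$root/101/maps"
    echo '7f3a00000000-7f3a001bb000 r-xp 00000000 08:01 2422 /lib/x86_64-linux-gnu/libc-2.15.so' > "$root/202/maps"
    echo "$root"
}
```

Run `list_stale_libc_processes` as root after patching so that every process's maps file is readable. Any service it lists needs a restart; a reboot covers all of them at once.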

SecPod Saner detects these vulnerabilities and fixes them automatically by applying security updates. Download Saner now and keep your systems updated and secure.

– Kumarswamy S
