Contact Us

For Colocation Support Call: 888-365-2656

For All Other Inquiries Call: 888-365-2656

USE OUR CONTACT FORM FOR ALL GENERAL, SALES, WEB RELATED QUESTIONS.

If you require immediate assistance, please call us.

GHOST Vulnerability Effecting GLIBC

GHOST Vulnerability Effecting GLIBC

Background Information

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use an unpatched version of glibc from versions 2.2 to 2.17are at risk. Many Linux distributions including, but not limited to, the following are potentially vulnerable to GHOST and should be patched:

  • CentOS 6 & 7
  • Debian 7
  • Red Hat Enterprise Linux 6 & 7
  • Ubuntu 10.04 & 12.04
  • End of Life Linux Distributions

Resolution

Check version of GLIBC installed –

rpm -q glibc

yum update glibc

reboot

More details: https://access.redhat.com/articles/1332213

 

Tim Mektrakarn
VPLS-Sales
Cookie Policy