GHOST: a glibc-based vulnerability in Linux systems

Researchers at Redwood City, Calif.-based security vendor Qualys Inc. discovered the vulnerability, which is officially labeled CVE-2015-0235 but has been nicknamed GHOST because it can be triggered through the DNS resolver's "gethostbyname" function. This function translates a hostname to an IP address. The flaw, first reported by Threatpost, has been confirmed in Linux systems using GNU C Library (glibc) versions 2.2 and newer, which includes all glibc versions released since Nov. 10, 2000.

Qualys has categorized this as a critical vulnerability due to the vast number of affected systems, and because attackers can exploit the flaw remotely to gain control of a system without having any prior knowledge of system credentials.

“GHOST poses a remote code execution risk that makes it incredibly easy for an attacker to exploit a machine,” said Wolfgang Kandek, chief technical officer for Qualys. “For example, an attacker could send a simple email on a Linux-based system and automatically get complete access to that machine.”

 

How to test for the GHOST vulnerability?

$ wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
$ gcc GHOST.c -o GHOST
$ ./GHOST
[prints "vulnerable" or "not vulnerable"]

Note: Reboot your system after applying patches for this vulnerability.

How to Patch?

On Debian and Ubuntu systems:

$ sudo apt-get update && sudo apt-get upgrade

On CentOS, Red Hat, and Oracle Unbreakable Linux systems:

$ sudo yum update
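
The reboot note above matters because processes started before the upgrade keep the old glibc mapped in memory until they restart. As an added example (not part of the original post), this script lists processes that still map a replaced libc; the function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-upgrade glibc.
# The kernel tags a mapping whose file was replaced on disk with "(deleted)"
# in /proc/PID/maps.

# stale_libc_pids [PROC_ROOT]  -> prints "PID NAME" per affected process
stale_libc_pids() (
    root="${1:-/proc}"
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # Matches libc-2.19.so, libc.so.6, or a package-manager temp suffix,
        # followed by the "(deleted)" tag; libcap and similar do not match.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^/ ]* \(deleted\)$' "$dir/maps" 2>/dev/null
        then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
)

# make_sample_proc DIR: constructed /proc-like tree used to exercise the scan
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    echo sshd > "$1/101/comm"
    echo '7f10a000-7f10c000 r-xp 00000000 08:01 131 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)' > "$1/101/maps"
    echo cron > "$1/202/comm"
    echo '7f20a000-7f20c000 r-xp 00000000 08:01 977 /lib/x86_64-linux-gnu/libc-2.19.so' > "$1/202/maps"
    echo exim4 > "$1/303/comm"
    {
        echo '7f30a000-7f30c000 r-xp 00000000 08:01 140 /lib/x86_64-linux-gnu/libcap.so.2 (deleted)'
        echo '7f31a000-7f31c000 r-xp 00000000 08:01 131 /lib64/libc.so.6 (deleted)'
    } > "$1/303/maps"
}

# Demo on the constructed tree; pass /proc as the first argument (as root)
# to scan a real host instead.
sample=$(mktemp -d)
make_sample_proc "$sample"
stale_libc_pids "${1:-$sample}"
rm -rf "$sample"
```

An empty result after patching means no running process still uses the old library; otherwise restart the listed services or reboot.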