Researchers for Redwood City, Calif.-based security vendor Qualys Inc. discovered the vulnerability, which is officially labeled CVE-2015-0235, but has been nicknamed GHOST because it can be triggered by the DNS resolver “_gethostbyname” function. This function translates hostname to ip address. The flaw, first reported by Threatpost, has been confirmed in Linux systems using GNU C Library (glibc) versions 2.2 and newer, which includes all glibc versions released since Nov. 10, 2000.
Qualys has categorized this as a critical vulnerability due to the vast number of affected systems, and because attackers can exploit the flaw remotely to gain control of a system without having any prior knowledge of system credentials.
“GHOST poses a remote code execution risk that makes it incredibly easy for an attacker to exploit a machine,” said Wolfgang Kandek, chief technical officer for Qualys. “For example, an attacker could send a simple email on a Linux-based system and automatically get complete access to that machine.”
How to Test GHOST vulnerability?
$ wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c $ gcc GHOST.c -o GHOST $ ./GHOST [responds vulnerable OR not vulnerable ] Note: Reboot your system after applying patches for this vulnerability. How to Patch? in debian, ubuntu systems; $ sudo apt-get upgrade in centos, red hat, oracle unbreakable systems $ yum update