GHOST – The Latest Linux Vulnerability


During a code audit performed internally at Qualys, a buffer overflow in the GNU C Library (glibc) was found. Qualys worked closely with Linux distribution vendors to create a patch for all distributions impacted. Vendors made the patch available Wednesday January 28, 2015.

GHOST is a buffer overflow in the gethostbyname functions that can be triggered both locally and remotely. It allows attackers to take full control of a machine through a heap-based buffer overflow in the __nss_hostname_digits_dots() function, which the gethostbyname function calls use. Numerous core processes call gethostbyname, including but not limited to auditd, dbus-daem, dhclient, init, master, mysqld, rsyslogd, sshd and udevd. Applications using glibc get access to a DNS resolver, which converts hostnames into IP addresses.

ZZ Servers has patched all internal systems as of January 29, 2015. Managed clients will be patched by Friday February 6, 2015.

ZZ Servers strongly recommends that all other clients patch their Linux systems with the latest glibc update. Applying the patch is the same as installing any other patch on a Linux system. The flaw exists in older versions of glibc predating the 2.18 release. The latest available patches for all glibc versions of RedHat and Debian flavors fix the GHOST vulnerability.
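A post-patch check for the recommendation above, as an added example that is not from the original post: it flags a glibc version string that predates 2.18 and lists processes that still map the libc file an update replaced. The function names and sample data are constructed for illustration, and it relies on the fact that a running process keeps the old library mapped until it is restarted.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Succeeds when a glibc version string (e.g. "2.17") predates 2.18.
glibc_predates_218() {
    ver_major=${1%%.*}
    ver_rest=${1#*.}
    ver_minor=${ver_rest%%[!0-9]*}      # "17-55.el6" -> "17"
    [ "$ver_major" -lt 2 ] ||
        { [ "$ver_major" -eq 2 ] && [ "${ver_minor:-0}" -lt 18 ]; }
}

# Prints PIDs under a /proc-style root whose memory map still references a
# libc file that was replaced on disk (the kernel marks it "(deleted)").
stale_libc_pids() {
    for maps in "${1:-/proc}"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            echo "${pid_dir##*/}"
        fi
    done
}

# Builds a constructed two-process /proc tree and prints its path.
make_sample_proc() {
    root=$(mktemp -d) && mkdir "$root/101" "$root/202" || return 1
    # PID 101: started before the update, still maps the replaced libc.
    echo '7f10a000-7f2b4000 r-xp 00000000 fd:00 1311 /lib64/libc-2.12.so (deleted)' \
        > "$root/101/maps"
    # PID 202: started after the update, maps the file now on disk.
    echo '7f10a000-7f2b4000 r-xp 00000000 fd:00 1822 /lib64/libc-2.12.so' \
        > "$root/202/maps"
    echo "$root"
}

sample=$(make_sample_proc)
echo "sample processes still on the old libc: $(stale_libc_pids "$sample")"
rm -rf "$sample"

# On a live host (reading every process's maps needs root):
ver=$(getconf GNU_LIBC_VERSION 2>/dev/null)      # e.g. "glibc 2.17"
if [ -n "$ver" ] && glibc_predates_218 "${ver#glibc }"; then
    echo "$ver predates 2.18: confirm the vendor's fixed package is installed"
fi
```

Because distribution fixes are delivered as updates to the existing glibc versions, a version below 2.18 is a prompt to confirm the vendor's fixed package is installed, not proof of exposure. Run `stale_libc_pids` with no argument as root to scan the live `/proc`, and restart any listed service.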