Ghost GLIBC Remote Code Execution Vulnerability affects most Linux systems
The vulnerability, CVE-2015-0235, is nicknamed GHOST because of its relation to the gethostbyname() function. Researchers say the flaw goes all the way back to glibc version 2.2, from November 2000.
A critical vulnerability has been found in glibc, the GNU C library, that affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines.
The issue stems from a heap-based buffer overflow in the __nss_hostname_digits_dots() function in glibc. That function is used by the gethostbyname() function calls.
A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04.
It is not as confusing as Shellshock:
“In this instance, you just apply the glibc update, and restart any services that are vulnerable,” Bressers said. “It’s not confusing like Shellshock was.”
There are mitigations against remote exploitation too, Qualys said. Servers, for example, use gethostbyname to perform full-circle reverse DNS checks. “These programs are generally safe because the hostname passed to gethostbyname() has normally been pre-validated by DNS software,” the advisory said.
“It’s not looking like a huge remote problem, right now,” Bressers said.
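The advice quoted above is to apply the glibc update and then restart affected services. As an added example (not from the original article, Qualys or Red Hat), this shell sketch lists running processes that still map the pre-update copy of libc and so need a restart; the function names and the `--scan` switch are this example's own.

```shell
#!/bin/sh
# Added example: find processes that still run on the pre-update glibc.
# When a package update replaces libc on disk, running processes keep the old
# file mapped and the kernel marks it "(deleted)" in /proc/<pid>/maps, e.g.
# (constructed line):
#   7f1c2a000000-7f1c2a1b5000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)

# maps_has_stale_libc FILE
# Succeeds if FILE (in /proc/<pid>/maps format) contains a libc mapping whose
# backing file was removed or replaced. Matches libc-2.15.so and libc.so.6 but
# not libcap, libcrypto or libc-client.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9][^/]*)?\.so[^/]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_libc_pids [PROCROOT]
# Prints "PID COMMAND" for each process under PROCROOT (default /proc) that
# needs a restart to pick up the updated library.
stale_libc_pids() {
    for dir in "${1:-/proc}"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_libc "$dir/maps"; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null || echo '?')"
        fi
    done
    return 0
}

# Run the scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    stale_libc_pids
fi
```

Reading other users' maps files requires root. Statically linked programs do not map libc at all, so they will not appear here and must be rebuilt against the fixed library.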
Updates Available for Linux Distros: