tmdhosting-ghost-security-vulnerability

Couple of hours ago serious vulnerability bug in glibc gethostby functions has been announced by the security company Qualys and was named vulnerability “GHOST” – (CVE-2015-0235).

 

What is Ghost?

GHOST a.k.a.  (CVE-2015-0235) is high severity vulnerability found in Linux GNU C Library that gives attackers control without system credentials. It is a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc).

 

Why it was named GHOST?

It is called the GHOST vulnerability as it can be triggered by the GetHOST functions.

 

How it works?

“GHOST poses a remote code execution risk that makes it incredibly easy for an attacker to exploit a machine. For example, an attacker could send a simple email on a Linux-based system and automatically get complete access to that machine,” said Wolfgang Kandek, Chief Technical Officer for Qualys, Inc.

This bug is reachable both locally and remotely via the gethostbyname*() functions, which makes it a serious security vulnerability for all devices using the GNU C Library is glibc. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.

The first vulnerable version of the GNU C Library is glibc-2.2, was released on November 10, 2000 which makes the issue quite widespread and immediate actions are required. The best course of action to mitigate the risk is to update the glibc library to the newest one .

 

How to patch the vulnerability?

This issue was fixed upstream in glibc 2.18 and simple update of this library would fix the issue on every affected machine.

 

Conclusion.

If you are TMDHosting client there is nothing to worry about. All of our servers were patched in day zero against the GHOST – (CVE-2015-0235) vulnerability bug.

We will be following this topic and, in case there any further important updates, we will continue to inform you.

 

References:

Qualys Advisory: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
Openwall Project:  http://www.openwall.com/lists/oss-security/2015/01/27/9
RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html
Ubuntu: https://launchpad.net/ubuntu/+source/eglibc
Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235|
GNU C Library: http://www.gnu.org/software/libc/