GHOST: Critical Vulnerability in Linux Systems

Qualys Inc. has found a critical vulnerability, named GHOST and tracked as CVE-2015-0235, which the company rates as High Severity. It affects a large number of Linux systems that use the glibc library, from version 2.2 to 2.18. The vulnerability owes its name to the fact that it can be triggered through the GetHOST functions.

The glibc library defines and provides system calls and other basic functions used by many programs. It is widely used on Linux systems, where it is installed under the name libc6, so servers that run large amounts of system software may be affected.

Researchers discovered a buffer overflow in the function __nss_hostname_digits_dots() of the glibc library. The flaw can be triggered locally or remotely through the gethostbyname*() functions, which applications use to access the DNS service.

The company stated that “GHOST poses a remote code execution risk that makes it incredibly easy for an attacker to exploit a machine. For example, an attacker could send a simple email on a Linux-based system and automatically get complete access to that machine”.

This vulnerability should be addressed immediately. Qualys points out that the best way to mitigate the risk is to apply the patch provided by the vendor of the corresponding Linux distribution, and it provides links to the websites of several vendors.
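The following triage script is an added example, not code from Qualys or from the original article. It checks a glibc version against the range stated above (the upper bound is treated as inclusive, which is an assumption) and flags processes that still map a libc image replaced on disk; the function names are hypothetical. A version inside the range only means the vendor package must be checked, because distributions often ship fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example. Range 2.2..2.18 is the one stated in this article
# (upper bound treated as inclusive here: an assumption).

# glibc_in_reported_range VERSION
# Returns 0 if inside the range, 1 if outside, 2 if VERSION cannot be parsed.
# Distro suffixes such as "2.17-55.el6" (constructed sample) are accepted.
glibc_in_reported_range() {
    ver=${1%%[!0-9.]*}              # keep only the leading numeric part
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $ver in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 18 ] && return 0
    return 1
}

# stale_libc_mapped MAPS_FILE
# Returns 0 if a /proc/<pid>/maps style file shows a libc image marked
# "(deleted)": the process started before the package update and still
# runs the old library until it is restarted.
stale_libc_mapped() {
    grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$1"
}

# report_local: print the local glibc status and processes needing a restart.
report_local() {
    out=$(getconf GNU_LIBC_VERSION 2>/dev/null) || out=
    v=${out##* }                    # "glibc 2.17" -> "2.17"
    if glibc_in_reported_range "$v"; then
        echo "glibc $v: inside reported range, confirm the vendor patch level"
    else
        echo "glibc ${v:-unknown}: outside reported range or not glibc"
    fi
    for m in /proc/[0-9]*/maps; do  # unreadable or vanished entries are skipped
        if stale_libc_mapped "$m" 2>/dev/null; then
            p=${m#/proc/}
            echo "restart needed: pid ${p%/maps}"
        fi
    done
    return 0
}

report_local
```

Run it as root to see every process; unprivileged runs only inspect the caller's own processes.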

References

http://unaaldia.hispasec.com/2015/01/getrootbygethostbyname.html

https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/th...

https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

https://community.qualys.com/thread/14452

 
