RSS Feed
News
Jan
28
Notification - 'GHOST' Linux vulnerability
Posted by Andy Shephard on 28 January 2015 16:27

A buffer overflow bug has been discovered in the glibc library found within many distributions of Linux, including CentOS and Debian.  Dubbed ‘GHOST’ (CVE-2015-0235), this vulnerability is exploitable remotely and locally, allowing for arbitrary code execution and therefore unauthorized access.  This is achieved through use of the gethostbyname() function calls used for DNS resolving.

 

Patches have been made available for a number of Linux distribution and it is recommended that you patch as soon as possible.  This can be achieved in the following ways:

For CentOS, Red Hat, Fedora etc:

$ yum clean all && yum update

For Debian, Ubuntu and derivatives:

$ apt-get clean && apt-get update && apt-get upgrade

 

After installing the latest version of the glibc package, you will need to ensure that all packages dependent on glibc are restarted.  These can be identified with the following:

$ lsof | grep libc | awk '{print $1}' | sort | uniq

*The lsof package may need to be installed ($ yum install lsof)

Alternatively, rebooting the entire server will also achieve this.  If you can't reboot the entire system, restart at least all public-facing services like webservers, mailservers, etc.

 

Please also note that other vendor-specific devices and software may be vulnerable, but as yet patches have not been released.

 

If you require any assistance with securing your system, please raise a ticket with Domicilium Operations via Resolve, or speak to your account manager.