A vulnerability in a widely used component of many Linux distributions could allow remote attackers to take control of a system. Researchers at Qualys have dubbed it Ghost since it can be triggered by the “gethost” functions in Linux.
The vulnerability can be found in the in the GNU C Library, known as glibc for short. Without glibc, a Linux system couldn’t function. The flaw is found in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. An attacker able to access either function could take remote control of the entire Linux system.
A series of misfortunes have helped Ghost to slip through the cracks. First of all, the bug had been previously identified and fixed back on May 21, 2013, as Qualys CTO Wolfgang Kandek writes. However, at the time it was seen only as a flaw, not a threat, and no further patching was done:
Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example.”
Secondly, since Ghost affects a code library that’s integral to the Linux system, patching it is no simple fix. Patching the GNU C Library will mean that the Linux core functions, or the entire affected server, will have to be rebooted. Companies will have to schedule that downtime, which means affected servers could stay vulnerable for some time longer.
With all the worlds’ Linux distributions to choose from, it’s unlikely your homebrew Linux server is anywhere near high risk. And now that Red Hat, Debian, Ubuntu and Novell have all issued patches, Linux server operators have the resources to stay in the clear.
Photo by Jon Feinstein