Critical Ghost Vulnerability (Successor of Heartbleed and Shellshock)


The most talked-about issue in information security these days is the “Ghost vulnerability”, a buffer overflow bug found in the glibc function gethostbyname() (“GetHOSTbyname”, hence the name). This vulnerability can compromise not only your Linux system but also web servers, through WordPress and likely other PHP applications.

Vulnerability Background

The GNU C Library, also known as glibc, is the standard C library and a core part of the Linux operating system. The vulnerability was discovered in glibc's gethostbyname function and is caused by a buffer overflow located in the heap. To exploit it, an attacker must trigger the buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

Impact

Security researchers have already developed a remote exploit for this vulnerability. They wrote a proof-of-concept (PoC) exploit that carries out a remote code execution attack against a Linux system, and most servers worldwide run Linux. The same exploit also bypasses all existing exploit protections available on both 32-bit and 64-bit systems: address space layout randomization (ASLR), position-independent executables (PIE) and no-execute (NX).

Affected Version

The first vulnerable version of the GNU C Library is glibc-2.2, which was released on Nov 10, 2000. The vulnerability was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18). According to the researchers from Qualys who discovered this vulnerability, however, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04.

Solutions

The best course of action to mitigate this risk is to apply the patch from your Linux vendor. Major distributors of the Linux operating system, including Red Hat, Debian and Ubuntu, have already issued patches for this vulnerability. After applying the patch and updating the system, a restart of core functions or a reboot of the entire affected server is required, because running processes keep using the old library until they are restarted.
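To verify the restart step above, the following added example (not part of the original post) lists processes that still have a replaced copy of glibc mapped after the update. The function name `stale_libc_pids` is hypothetical, and the script assumes the kernel marks a replaced library as `(deleted)` in `/proc/<pid>/maps`, as Linux does when the package manager unlinks the old file.

```shell
#!/bin/sh
# stale_libc_pids [PROC_ROOT]
# Prints "PID NAME" for every process whose memory map still references a
# glibc file that has been replaced on disk. Those processes keep running
# the old, unpatched gethostbyname code until they are restarted.
# PROC_ROOT defaults to /proc; a different root lets the check be run
# against a copied or constructed proc tree.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries and the unexpanded glob (no processes found).
        [ -r "$maps" ] || continue
        # Match libc.so.6 or libc-2.NN.so, but not libcrypto, libcap, etc.
        # Example of a line that matches (constructed):
        #   7f00-7f01 r-xp 00000000 08:01 11 /lib/libc-2.19.so (deleted)
        if grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)?.*\(deleted\)' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# When called with an argument, scan that proc root, e.g.:  sh script.sh /proc
# Run as root to see the maps of processes owned by other users.
if [ "$#" -gt 0 ]; then
    stale_libc_pids "$1"
fi
```

An empty result means no running process still maps the old library; any process listed needs a service restart, or the host needs a reboot.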
