On January 27, 2015, Linux world was struck by critical vulnerability called GHOST. The bug exists in GNU C Library (or Glibc) functions gethostbyname and gethostbyname2 starting from glibc-2.2 version released in 2000; it was fixed in glibc-2.18 version released in May 2013, therefore, only LTS distributions are vulnerable:
- Ubuntu 12.04,
- Debian 7,
- RHEL 6 and 7,
- CentOS 6 and 7.
Note: other libc implementations (such as uclibc, musl) are not vulnerable to GHOST.
Glibc library is an integral part of Linux; there are not so many desktop computers running Linux operating system, but the population of Linux servers is very high. It means that the network infrastructure of many technological projects is in danger.
Using a remote code execution (RCE), GHOST allows an attacker to get full control over the victim’s computer even without any credentials (sometimes it is enough to send an e-mail). Mail servers, MySQL servers, and Secure Shell servers are potentially vulnerable.
Probably, the easiest way to fix the bug is to update GNU C Library to a safe version (2.18 and higher). In order to protect a server, you can also install a patch released by the relevant Linux distribution. Since the information about the bug appeared on January 27, first patches are already available on the Internet. Moreover, you can find useful guidelines that can help you to detect all the distribution services, applications and executable files associated with the vulnerable glibc library.