Sales
0161 215 3814
0800 953 0642
Support
0800 230 0032
0161 215 3711

THE NEW LINUX FLAW THAT’S GETTING EVERYONE SPOOKED

There’s never a quiet moment, and – if the snow wasn’t enough excitement for you today – a new security vulnerability has been found in the GNU glibc library, dubbed GHOST (CVE-2015-0235). If this doesn’t mean anything to you, it’s a new bug that – whilst not quite at ‘Heartbleed’ on the DEFCON scale – is pretty serious, and if you’re a Linux user it may well affect you, so there are steps that you need to take asap to protect yourself and your business. 

ghost_300x225

What is GHOST:

In techie terms, GHOST is a heap-based buffer overflow in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. Full details can be found in a public mailing list along with a proof of concept.

In English, it’s a critical Linux security hole which has the possibility to allow attackers to take control of your system without any of the passwords, though this has yet to be proven.

What’s the Risk?

A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.

So, fair to pretty serious.

What services use GNU glibc?

There are a high number of services on GNU Linux that depend on GNU glibc (mysql, bacula, exim ,nginx just to name a few). To check which services depend on GNU glibc you can run the following command:

`lsof | grep libc | awk ‘{print $1}’ | sort | uniq`

What distributions are in scope?

Currently the following distributions are affected:

RHEL 5.x, 6.x and 7.x

CentOS 5.x, 6.x and 7.x

Ubuntu LTS 10.04 and 12.04

Debian version 7

How do I fix this?

There is now a patch in repositories for all major LTS distributions. The patch can be applied using the distributions package manager. Once applied any service that is using GNU glibc will need to be restarted, it’s probably easiest to just reboot the entire server as most services depend on this library.

**UKFast Customers – please read**

If you’re a UKFast customer we will be sending an email out today with further information, but please be assured, we are currently updating affected servers. Once your server is updated we will send you an email with a link to MyUKFast where we encourage you to reboot your system.

If there are any issues or special circumstances around this, or you have any questions, please get in touch with your account manager.

Share with: