Yes, it is. GHOST is a high-severity vulnerability (CVE-2015-0235) that allows attackers to perform a remote code execution (RCE) attack and take complete control of the victim system. It exploits a buffer overflow bug in glibc’s GetHOST functions (hence the name).
Fortunately, Linux vendors already have the necessary updates available, because Qualys was in touch with them before disclosing the vulnerability.
Linux systems that use versions of the GNU C Library prior to glibc-2.18 are vulnerable to GHOST. Among them are most stable and long-term-support distributions, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04.
You can check the glibc version with the ldd utility, which uses glibc:
CentOS & RHEL
ldd --version
Ubuntu & Debian
ldd --version
The glibc version is shown in the first line of the output.
ldd (GNU libc) **2.17**
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
If the version of glibc is older than 2.18, your system is vulnerable to GHOST.
All you need to do is install the update provided by your Linux vendor. Use your default package manager, since it is the easiest way to get this done.
CentOS & RHEL
sudo yum update glibc
Ubuntu & Debian
sudo apt-get update && sudo apt-get dist-upgrade
For the update to take effect, you have to relaunch all applications that use the GNU C Library. That can be a tough task, so reboot the whole server if you can.
Otherwise, use this trick to check which applications actually need to be restarted and relaunch only them:
lsof | grep libc | awk '{print $1}' | sort | uniq
And the following command script does the whole job for you:
for s in $(lsof | grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep "$s")" ]]; then echo "$s"; service "$s" restart; fi; done
Web application firewalls (WAFs), which work at the application layer, are not the proper tool for mitigating attacks that exploit this kind of vulnerability. But since GHOST could certainly affect web infrastructure security, we need to be sure that our customers have updated their systems. Just patch immediately!
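The lsof check above matches every process that has libc loaded, including ones started after the update. As an added example (not part of the original post), the script below narrows that to processes whose libc mapping is marked "(deleted)" in /proc/<pid>/maps, which is how the kernel labels a mapped file that was replaced on disk. The function names, the proc-root parameter and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: after the glibc update, list only the processes that still
# map the old, replaced copy of libc and therefore still need a restart.

# Succeeds if the /proc/<pid>/maps text on stdin has a libc mapping whose
# backing file was unlinked (the kernel appends " (deleted)" to the path).
# The pattern covers libc-2.17.so and libc.so.6 but not libcap or libcrypto.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$'
}

# Print "pid name" for each process still using the old libc. The proc root
# is a parameter (an assumption of this example) so a test tree can be used.
stale_libc_processes() (
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        # Processes we are not allowed to inspect are skipped silently.
        if { maps_has_stale_libc < "$dir/maps"; } 2>/dev/null; then
            name="$(cat "$dir/comm" 2>/dev/null)"
            printf '%s %s\n' "${dir##*/}" "${name:-?}"
        fi
    done
)

# Constructed sample maps lines: one process started before the update,
# one started after it.
SAMPLE_STALE='7f1c2a000000-7f1c2a1b6000 r-xp 00000000 fd:01 393228 /usr/lib64/libc-2.17.so (deleted)'
SAMPLE_FRESH='7f9d4c000000-7f9d4c1b8000 r-xp 00000000 fd:01 401122 /usr/lib64/libc-2.17.so'

# Build a throwaway proc-like tree from the samples and print its path.
make_sample_proc() (
    root="$(mktemp -d)"
    mkdir "$root/101" "$root/202"
    printf '%s\n' "$SAMPLE_STALE" > "$root/101/maps"; echo sshd  > "$root/101/comm"
    printf '%s\n' "$SAMPLE_FRESH" > "$root/202/maps"; echo nginx > "$root/202/comm"
    echo "$root"
)

# Demo on the constructed tree: only the pre-update process is reported.
demo_root="$(make_sample_proc)"
stale_libc_processes "$demo_root"
rm -rf "$demo_root"
```

On a real host, call stale_libc_processes with no argument as root to scan the live /proc.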
If you have any questions about this bug, please let us know.