Yes, it is. GHOST is a high-severity vulnerability (CVE-2015-0235) that allows attackers to carry out a remote code execution (RCE) attack and take complete control of the victim system. It exploits a buffer overflow bug in glibc’s GetHOST functions (hence the name).
Fortunately, Linux vendors already have the necessary updates available, as Qualys was in touch with them before disclosing the vulnerability.
Linux systems that use versions of the GNU C Library prior to glibc-2.18 are vulnerable to GHOST. Among them are most stable and long-term-support distributions, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04.
You can check the glibc version with the ldd utility, which uses glibc:
CentOS & RHEL
ldd --version
Ubuntu & Debian
ldd --version
Glibc version will be contained in the first line of output.
ldd (GNU libc) **2.17**
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
If the version of glibc is older than 2.18, your system is vulnerable to GHOST.
All you need to do is install the update provided by your Linux vendor. Use your default package manager, since it is the easiest way to get this done.
CentOS & RHEL
sudo yum update glibc
Ubuntu & Debian
sudo apt-get update && sudo apt-get dist-upgrade
To make the update take effect, you have to relaunch all applications that use the GNU C Library. That can be a tough task, so reboot the whole server if you can.
Otherwise, use this trick to check which applications actually need to be restarted and relaunch only them:
lsof | grep libc | awk '{print $1}' | sort | uniq
And the following script does the whole job for you:
for s in $(lsof | grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep "$s")" ]]; then echo "$s"; service "$s" restart; fi; done
Web application firewalls (WAFs), which work at the application layer, are not the proper tool to mitigate attacks exploiting this kind of vulnerability. But since GHOST could certainly affect web infrastructure security, we need to be sure that our customers have updated their systems. Just patch immediately!
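For the restart step above, the list can be narrowed to processes that are still running the pre-update library. The added example below (not part of the original post) scans each /proc/PID/maps for a libc mapping that the kernel marks "(deleted)", which is how a library file replaced on disk appears in a running process. The function name and its optional proc-root argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: report processes that still map a libc file which has been
# replaced on disk. After a package update the old file is unlinked, and the
# kernel shows the mapping in /proc/PID/maps with a trailing "(deleted)".
#
# stale_libc_procs [PROC_ROOT]
#   PROC_ROOT defaults to /proc. The argument exists only so the function
#   can be pointed at a constructed directory tree (an assumption of this
#   example). Prints one "PID NAME" line per affected process.

stale_libc_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unmatched globs and maps files we are not allowed to read.
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        # Matches libc-2.17.so and libc.so.6 style names, but not other
        # libraries whose names merely start with "libc" (libcrypto, libcap).
        if grep -Eq '/libc([-.][^/ ]*)?\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            name="$(cat "$pid_dir/comm" 2>/dev/null)" || name='?'
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

# Usage (run as root so every process's maps file is readable):
#   stale_libc_procs
```

Processes listed here loaded glibc before the update and keep using the old code until they are restarted; an empty result after restarting services means nothing readable still maps the replaced file.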
If you have any questions about this bug, please let us know.