Sanchayani

Title :Advisory for GHOST glibc Remote Code Execution


Blogger :पूजा


SUbject :Information Security Awareness



likes:2 dislike:0


GHOST glibc Remote Code Execution Vulnerability

Description

A critical vulnerability has been found in glibc, the GNU C library that affects all Linux systems which was

built with glibc-2.2. Attackers can use this flaw to execute code and remotely gain control of Linux

machines. GHOST has been traced back to a buffer overflow flaw in the __nss_hostname_digits_dots ()

function of glibc

Severity:

HIGH

Impact

An attacker who successfully exploits the flaw can potentially gain complete control over an affected

machine without any prior knowledge of system logins or passwords.

For successful exploitation, the attacker triggers a buffer overflow by using an invalid hostname argument

to an application that performs a DNS resolution. This vulnerability then enables a remote attacker to

execute arbitrary code with the permissions of the user running DNS.

About the vulnerability:

GHOST is a 'buffer overflow' bug affecting the gethostbyname () and gethostbyname2 () function calls in

the glibc library. This vulnerability allows a remote attacker that is able to make an application call to

either of these functions to execute arbitrary code with the permissions of the user running the

application.

The gethostbyname () function calls are used for DNS resolving, which is a very common event. To

exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname

argument to an application that performs a DNS resolution.

The easiest way to fix the GHOST vulnerability is to use your default package manager to update the

version of glibc. The following subsections cover updating glibc on various Linux distributions, including

Ubuntu, Debian, CentOS, and Red Hat.

Affected operating system:

• Red Hat Enterprise Linux 6 & 7

• CentOS 6 & 7

• Ubuntu 12.04

• Debian 7

Affected Application:

• Glibc version 2.2 - 2.17

Solution

Kindly upgrade glibc package to its latest version (Version 2.18 or later).

Refer the link: http://www.gnu.org/software/libc/