Toggle navigation
Sanchayani
About
Services
Contact
Login
Registration
Title :Advisory for GHOST glibc Remote Code Execution
Blogger :पूजा
SUbject :Information Security Awareness
likes:2 dislike:0
GHOST glibc Remote Code Execution Vulnerability
Description
A critical vulnerability has been found in glibc, the GNU C library that affects all Linux systems which was
built with glibc-2.2. Attackers can use this flaw to execute code and remotely gain control of Linux
machines. GHOST has been traced back to a buffer overflow flaw in the __nss_hostname_digits_dots ()
function of glibc
Severity:
HIGH
Impact
An attacker who successfully exploits the flaw can potentially gain complete control over an affected
machine without any prior knowledge of system logins or passwords.
For successful exploitation, the attacker triggers a buffer overflow by using an invalid hostname argument
to an application that performs a DNS resolution. This vulnerability then enables a remote attacker to
execute arbitrary code with the permissions of the user running DNS.
About the vulnerability:
GHOST is a 'buffer overflow' bug affecting the gethostbyname () and gethostbyname2 () function calls in
the glibc library. This vulnerability allows a remote attacker that is able to make an application call to
either of these functions to execute arbitrary code with the permissions of the user running the
application.
The gethostbyname () function calls are used for DNS resolving, which is a very common event. To
exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname
argument to an application that performs a DNS resolution.
The easiest way to fix the GHOST vulnerability is to use your default package manager to update the
version of glibc. The following subsections cover updating glibc on various Linux distributions, including
Ubuntu, Debian, CentOS, and Red Hat.
Affected operating system:
• Red Hat Enterprise Linux 6 & 7
• CentOS 6 & 7
• Ubuntu 12.04
• Debian 7
Affected Application:
• Glibc version 2.2 - 2.17
Solution
Kindly upgrade glibc package to its latest version (Version 2.18 or later).
Refer the link: http://www.gnu.org/software/libc/