GHOST, a critical Linux security Bug reveals

GHOST, a critical Linux security , The GHOST Vulnerability, The GHOST vulnerability is a serious weakness in the Linux glibc library., What is glibc?, Linux security issue, hacking system, exploiting GHOST bug, GHOST Bug puts millions of system under threats, security bug on Linux system
Last year Security researcher have found a critical bug on Linux dubbed as Shell Shocks (Bash Bug), which leaves whole internet under threats. After the couples of the months also there tonnes of Linux system that are vulnerable to Shell Shock a.k.a Bash Bug.

Once again  researcher from cloud security company Qualys have found another critical security bug on Linux GNU C Library (glibc) dubbed as GHOST (CVE-2015-0235). This vulnerability allows any hacker to take full control over the vulnerable system remotely without knowing any system IDs or passwords.

Qualys team had reported the issue to all the major distributor and most of them have released the patch for the vulnerability. One of the major Linux distributor Red Hat have already issues the patch for the bug and  users can update it to fix GHOST. Currently Red Hat had released the patch for the 5, 6, and 7 via the Red Hat Network.

Since from November 2000, Linux system that were designed with glibc-2.2 was vulnerable to this bug. This means almost more than half of the network server system are vulnerable to GHOST.  

Linux System Vulnerable to GHOST
Linux systems that are liable to attack include Debian 7 (Wheezy), RHEL 5, 6, and 7, CentOS 6 and 7 and Ubuntu 12.04. Besides Red Hat's fix, Debian is currently repairing its core distributions, Ubuntu has patched the bug both for 12.04 and the older 10.04, and patch for the CentOS is on the way. 

Exploit GHOST Bug?
To exploit the GHOST bug attacker just have to exploit glibc's gethostbyname functions. This function is used on almost all networked Linux computers when the computer is called on to access another networked computer either by using the /etc/hosts files or, more commonly, by resolving an Internet domain name with Domain Name System (DNS).

An attacker needs to do is trigger a buffer overflow by using an invalid hostname argument to an application that performs a DNS resolution. This vulnerability then enables a remote attacker to execute arbitrary code with the permissions of the user running DNS.

Qualys's CTO Wolfgang Kandek, said in a statement that - "GHOST poses a remote code execution risk that makes it easy for the attacker to exploit and hijack victim machine. Attacker just have to send a simple email on a Linux-based system and to get complete access to that machine," 

Currently Qualys's team have not released all the technical details or the exploit of the vulnerability, but they mention that in future company will release exploit if the risk of the threats get low . 

We recommend all Linux users to update their system and also advised to all the server admin to patch it as soon as possible. You can also check the advisory notes by Qualys team for more information

Advisory Video for GHOST Bug
Read Also
Post a Comment