GHOST a 14 year old vulnerability in Linux

New vulnerability have been discovered by Qualys security researchers called GHOST that affect Linux based systems in the  glibc-2.2 (GNU C Library) since 2000. Ghost allow attacker to control a system without having any credentials.

The vulnerability may exist on several servers including mail servers, MySQL-servers, SSH servers and even services processed over web applications. the attack will start by a buffer overflow in the function __nss_hostname_digits_dots () that uses the gethostbyname () and gethostbyname2 () library Glibc.

Most vulnerability scanners should already have the detection for this bug so it is time to scan and identify all affected systems with CVE-2015-0235 and take the corrective measure by patching affected systems. Also it is time to add the signature to your IDS so you can detect any attempt for exploiting such vulnerability.

Qualys have also posted a script that may assist in finding this vulnerability which you can find here.

Notify of
Inline Feedbacks
View all comments