January 30, 2015

Host to Patch the Ghost – Critical Patch: GHOST CVE-2015-0235

Ghost Vulnerability Security Advisory for Linux Servers

On 1/27/2015, an advisory was released for the Linux OS: CVE-2015-0235, involving a piece of software common to all Linux systems called glibc. The CVE is being dubbed “GHOST” and is labelled as CRITICAL by Red Hat.

What is GHOST?

GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker who is able to make an application call either of these functions to execute arbitrary code with the permissions of the user running the application.

What servers are affected that are hosted with Edge?

RHEL5, RHEL6, RHEL7, CentOS6, and CentOS7.

What is glibc?

It is an implementation of the standard C library and a core part of the Linux operating system. Without this library, a Linux system will not function.

What is the risk of not patching?

Not patching glibc and nscd can allow an attacker to take complete control of a Linux server without knowledge of system credentials. Proofs of concept have been developed that confirm the vulnerability is real. Because of this and the risk of full system compromise, GHOST has been labelled as CRITICAL for patching by Red Hat.

What servers are vulnerable?

Servers running glibc versions dating back to November 2000, when glibc-2.2 was released, are considered vulnerable. Although a fix was put in place on May 21, 2013, it was not recognized as a security threat by the vendor at the time, so most stable and long-term support distributions were left exposed, including RHEL5, RHEL6, RHEL7, CentOS6, and CentOS7.

How do I patch against the vulnerability?

Log into the server and become root. Run the following commands, then reboot the server for the changes to take effect.

yum update glib* nscd*

shutdown now -r

If there’s an error stating that nscd is not installed, there’s no need to install it; that portion may be skipped.
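The reboot step matters because processes that were already running keep the old, now-deleted glibc mapped in memory until they restart. The helper below is an added example (not part of the original advisory) that lists the PIDs still mapping a deleted libc, so you can confirm after the update that nothing is left running against the vulnerable copy. It assumes the standard Linux /proc/PID/maps layout; the sample /proc tree it builds for offline testing is constructed.

```shell
#!/bin/sh
# Added example: report processes still mapping a libc that was replaced on disk.
# Pass /proc on a live host; a constructed /proc-style tree is used for testing.

stale_libc_pids() {
    procroot="${1:-/proc}"
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # After "yum update glibc", a process still using the old library shows
        # its libc mapping with a trailing "(deleted)" marker.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$maps"; then
            pid="${maps%/maps}"
            pid="${pid##*/}"
            printf '%s\n' "$pid"
        fi
    done
}

# Constructed sample tree (not real data): PID 100 still maps the old libc
# that the update replaced; PID 200 was started after the update and is clean.
make_sample_proc() {
    root="$1"
    mkdir -p "$root/100" "$root/200"
    cat > "$root/100/maps" <<'EOF'
7f0a4c000000-7f0a4c1b5000 r-xp 00000000 fd:00 1234 /lib64/libc-2.12.so (deleted)
7f0a4c3c0000-7f0a4c3c1000 rw-p 00000000 00:00 0
EOF
    cat > "$root/200/maps" <<'EOF'
7f1b5d000000-7f1b5d1b5000 r-xp 00000000 fd:00 5678 /lib64/libc-2.12.so
EOF
}
```

On a real host, run `stale_libc_pids /proc` as root after the update; any PID it prints belongs to a process (or service) that has not been restarted and must be bounced or the host rebooted, exactly as the advisory instructs.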
