GHOST glibc Library Vulnerability
Posted by Brent S. on 27 January 2015 06:23 PM

Touch Support is aware of a critical vulnerability in the glibc library. This vulnerability is commonly known as GHOST and has been assigned CVE-2015-0235.

What this means:

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker to execute arbitrary code with the permissions of the user running the application.

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that then calls gethostbyname().

What to do:

If you're currently subscribed to one of our server administration plans, our staff is already in the process of upgrading all affected servers to a non-vulnerable version of glibc.

Otherwise, if you are the administrator of a Linux server, update your version of ‘glibc’ to a patched version immediately. To eliminate the possibility of an exploit:

  1. Update the glibc and ncsd packages on your system
  2. Restart vulnerable services that use glibc (since so many services use glibc, the safest option is to restart the system).

The Touch Support difference:

We install a unique set of tools onto your server when you subscribe to a server administration plans.

When these types of vulnerabilities arise, our team quickly identifies them and develops a plan to keep your data safe, which typically include software updates that are rolled out to all affected servers. Then, we check to make sure they are no longer vulnerable. But, we don't stop there.

Our proprietary system administration tools are then updated to include a check for the specific vulnerability so that our administrators are instantly notified of future issues.

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).