The GHOST vulnerability is a recently disclosed critical flaw in the Linux glibc library. Through this vulnerability, attackers can remotely gain complete control over a vulnerable Linux system without holding any system credentials. CVE-2015-0235 has been assigned to this issue. All credit goes to the research team at Qualys, who discovered the bug and worked closely with all Linux distribution vendors. It is called the “GHOST vulnerability” because it is triggered through the GetHOST functions.
What is this vulnerability? How can it affect Linux systems?
Qualys researchers found a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc).
This bug can be triggered both locally and remotely via all the gethostbyname*() functions.
Applications reach the DNS resolver primarily through the gethostbyname*() set of functions, which convert a hostname into an IP address. Through this vulnerability, an attacker can achieve remote code execution on the affected system and gain complete control of it.
The Qualys team developed a proof-of-concept: a full-fledged remote exploit against the Exim mail server that bypasses all existing protections (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. They gained remote shell access to the target Linux machine by sending it a specially crafted email.
What is glibc?
The GNU C Library (glibc) is an implementation of the standard C library and a core component of the Linux operating system. Without this library a Linux system cannot function.
How to mitigate the risk involved?
The best way to mitigate the risk is to apply the patch from your Linux distribution vendor. Because glibc is a shared library already loaded into running processes, the update only takes effect for services that are restarted (or after a reboot).
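The following self-test lets a defender confirm on a host whether the installed glibc still carries the flaw described above; it is an added example for this page, not code from the article or from Qualys, and the canary layout and the assumption that the overflow is at most pointer-sized are this example's own. It performs no network lookup: a patched library rejects the undersized buffer before any resolution happens.

```c
/* Added self-test for CVE-2015-0235 (not from the article). Assumes the
 * bug writes at most sizeof(char *) bytes past the caller's buffer, so a
 * canary placed right after the buffer shows whether glibc is still affected. */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Result buffer for gethostbyname_r(), with a canary immediately after it. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

/* 1 = canary overwritten (vulnerable); 0 = library rejected the short buffer
 * with ERANGE (fixed); -1 = neither (inconclusive, e.g. a non-glibc libc). */
int ghost_check(void)
{
    struct hostent resbuf, *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];
    /* An all-digit name takes glibc's "digits and dots" path. Its length is
     * chosen so the flawed size calculation thinks the 1024-byte buffer is
     * exactly big enough, while the corrected one (which counts one more
     * char *) refuses it. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);
    name[len] = '\0';
    memcpy(temp.canary, CANARY, sizeof(CANARY));  /* reset for repeat runs */

    int retval = gethostbyname_r(name, &resbuf, temp.buffer,
                                 sizeof(temp.buffer), &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return 1;   /* bytes landed past the buffer */
    if (retval == ERANGE)
        return 0;   /* fixed library noticed the undersized buffer */
    return -1;
}

int main(void)
{
    int r = ghost_check();
    puts(r == 1 ? "vulnerable" : r == 0 ? "not vulnerable" : "inconclusive");
    return r == 1;
}
```

Compile with `gcc ghost_check.c -o ghost_check` and run it on the host in question; "not vulnerable" means the patched glibc is in place on disk, but long-running services still need a restart to load it.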
Which versions and operating systems are affected by this vulnerability?
Because this bug was not initially recognized as a security threat, the most stable and long-term-support distributions were left exposed. Affected releases include Debian 7, Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04.