GHOST bug haunts Linux users

Researchers of Cloud Security firm Qualys have discovered vulnerability in Linux GNU C Library (glibc) library which can be manipulated to gain remote access of the attacked system.

Glibc is also is an integral part of the Linux operating system without which Linux system will not function.

Researchers found out buffer overflow in the __nss_hostname_digits_dots() function of glibc , and hackers could trigger it both locally and remotely via all the gethostbyname*() functions; which led to the naming of the bug as dubbed, ‘GHOST’.

Hackers could gain partial or remote access allowing for arbitrary code execution.

Qualys said that to manage the risk users will need to apply a patch from Linux vendor, and the company claims that it has worked with Linux distribution vendors to create patches that are now available to users.

Qualys added: "According to our data once the vulnerability has reached its half-life we will release the exploit.

"Half-life is the time interval measuring a reduction of a vulnerability’s occurrence by half. Over time, this metric shows how successful efforts have been to eradicate vulnerability.

"A shorter half-life indicates faster remediation. Half-life was originally coined by Qualys in the Laws of Vulnerability."

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

Favourites

  • Favorite list is empty.
FavoriteLoadingClear favorites

Your favorite posts saved to your browsers cookies. If you clear cookies also favorite posts will be deleted.