Gadgets Magazine

Linux Systems at Risk Due to “Ghost” Vulnerability

Posted on the 29 January 2015 by Nrjperera @nrjperera

A group of researchers have discovered a critical vulnerability in Linux distributions which could allow hackers to hijack and take control of an entire system to perform malicious activities. The vulnerability, named “Ghost”, has been found to be in the GNU C Library (glibc).

“During a code audit Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.”

Read Also: Intel’s “Compute Stick” Turns Your TV into a Linux Computer

The vulnerability affects Linux systems that performs domain name resolution, including server systems and apps. Researchers at Qualys, who’s found the vulnerability, believes that this bug is very difficult to exploit and claims many apps are safe from Ghost. Even though, most of the major Linux ditros were found to be exposed, including Debian 7, Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04.

If you’re using a Linux distro on your computer for simple everyday work, you should not be worried.  The vulnerability in the GNU C Library was first introduced with its release in 2000, but it was later fixed in a 2013 release. Patches have already been released to Linux vendors to fix the issue.

[Via: Trend Micro / Source: Qualys ]
(All images, trademarks shown on this post are the property of their respective owners)

Follow @nrjperera – Roshan Jerad Perera



Back to Featured Articles on Logo Paperblog