A vulnerability has been identified in the GNU C library that can lead to remote code execution (RCE), allowing attackers to run code of their choice on affected machines. The CVE-ID CVE-2015-0235 has been reserved for the bug, which is being nicknamed “GHOST”.
Qualys, who discovered it, said:
“During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions”.
The first vulnerable version of the GNU C library is glibc-2.2, which was released on 10 November 2000.
The bug was fixed on 21 May 2013 (between the releases of glibc-2.17 and glibc-2.18), but “it was not recognized as a security threat [and] as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example.”
Patches are already being rolled out. As ever, we advise you to apply them, as appropriate.
Keeping your software up to date is an essential part of ensuring that your systems are secure from malicious intrusion. Organisations that want to ensure that patch management processes are rigorously followed are advised to implement an information security management system, as set out in the international standard ISO 27001.
IT Governance’s ISO 27001 Packaged Solutions provide implementation resources and guidance suitable for all organisations.
Limited offer: order online in January 2015 and get a 10% discount.