ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

GHOST Vulnerability Hit Linux

Updated on January 28, 2015

GHOST Vulnerability

On January 27, 2015 high severity vulnerability known as GHOST (CVE-2015-0235) hit Linux systems that allow the attacker to remotely take control of the system.

What is GHOST Vulnerability?

GHOST is a vulnerability that can be triggered by gethostbyname function (part of glibc), makes it incredibly easy for an attacker to exploit the system using remote code execution. For example, an attacker can send a specifically crafted email to a Linux based mail server and automatically get complete access to that server!

Why it is called GHOST Vulnerability?

It has been called GHOST vulnerability; because it can be triggered by the GetHOST functions in glibc.

What is glibc?

Known as the GNU C Library, it is an implementation of the standard C library programming language and the core part of the Linux OS.


Who is affected?

Any Linux system that use glibc starting with glibc-2.2 that released on November 10, 2000

Which include all supported Linux systems like: Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04

What to do?

All Linux distribution vendors have released patches for glibc at the same day of announcement January 27, 2015.

SO, every system administrator managing a Linux server is advised to update his servers.


Who discovered it?

Qualys security researchers discovered this bug and worked closely with Linux distribution vendors; to prepare the patches then announced the vulnerability.

Amol Sarwate discusses the GHOST Vulnerability


    0 of 8192 characters used
    Post Comment

    • mohammadoweis profile image

      Mohammad Oweis 3 years ago from Jordan

      The name is GHOST not GOST, and its named after GetHost function (G Host).

      What to do: Nothing!

      You are completely wrong.

      The bug has been partially fixed on May 21, 2013, but it has not been classified as security update, none of Linux vendors has integrated this update into glibc.

      Now all Linux distributions released the new update and everyone should update their systems.

      But the way, the system has to be rebooted for new update to take effect.

    • profile image

      Knut 3 years ago

      GOST vulnerability: Discussing a security issue at the time of Windows 95.

      Gethostbyname is a Unix SVID volume 3: Socket(8) and thus a POSIX compliant routine that must be supplied to obtain POSIX certification. It use a string input "name", and will query the DNS for that particular name and return a int: IP address. CLI equivalent is NSLOOKUP

      It is called "GOST" because someone named it so.

      It is a buffer overrun that has been discover many years ago, where the use of the routine change the "UID" of the calling user to the "UID" of the DNS - which could be "root".

      Glibc is the standard C library supplied to everyone.

      Who is affected: NOBODY - the bug has been fixed, but it just may be that the binaries have not been relinked the last decades.

      What to do: Nothing - get some sleep!

      The problem has been fixed and sorted out a long time ago. Linux is not Windows, security is taken serious and when critical errors are found these are fixed more or less instantly, and updates are distributed that will AUTOMATICALLY update all affected. So in this case, when the C-library is changed, everything that is coded in C/C++ will be reloaded and relinked to the new library. Linux is very different to Windows.