Ghost vulnerability in Linux glibc library (CVE-2015-0235)

This information was sent to U-M IT staff groups on January 27, 2015.

This message is intended for U-M IT staff who are responsible for maintaining and running university Linux machines.

Summary

The GHOST vulnerability is a serious weakness in the Linux glibc library affecting systems dating back to 2000. It allows attackers to remotely take complete control of the victim system and execute code without prior knowledge of system credentials.

Problem

There is a vulnerability in the _gethostbyname functions used in the GNU C library used in many stable distributions of Linux.

Threats

Attackers could remotely take complete control of the victim system and execute code without prior knowledge of system credentials. While active exploitation is not occurring, proof-of-concept code exists and will be released by the researchers who originally discovered the vulnerability.

Affected Systems

  • GNU C Library versions glibc-2.16 and older.
  • All Linux distributions running glibc-2.16 and older are vulnerable, including:
  • Debian 7 (wheezy)
  • RedHat Enterprise Linux 6 and 7
  • Ubuntu 12.04
  • CentOS 6 and 7

Distributions using glibc-2.17 and newer are not affected.

Action Items

Apply the patch from the appropriate Linux vendor after appropriate testing.

Technical Details

The vulnerability stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls, which are used to convert a hostname into an IP address.

Questions, Concerns, Reports

Please contact [email protected].

Sincerely, 
ITS Information and Infrastructure Assurance