ADVISORY: Ghost vulnerability in Linux glibc library (CVE-2015-0235)
Tuesday, January 27, 2015
This information was sent to U-M IT staff groups on January 27, 2015.
This message is intended for U-M IT staff who are responsible for maintaining and running university Linux machines.
The GHOST vulnerability is a serious weakness in the Linux glibc library affecting systems dating back to 2000. It allows attackers to remotely take complete control of the victim system and execute code without prior knowledge of system credentials.
There is a vulnerability in the _gethostbyname functions used in the GNU C library used in many stable distributions of Linux.
- GNU C Library versions glibc-2.16 and older.
- All Linux distributions running glibc-2.16 and older are vulnerable, including:
- Debian 7 (wheezy)
- RedHat Enterprise Linux 6 and 7
- Ubuntu 12.04
- CentOS 6 and 7
Distributions using glibc-2.17 and newer are not affected.
Apply the patch from the appropriate Linux vendor after appropriate testing.
- RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html
- Ubuntu: https://launchpad.net/ubuntu/+source/eglibc
- Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235
- Other distributions: Consult vendor websites for up-to-date patch information
Attackers could remotely take complete control of the victim system and execute code without prior knowledge of system credentials. While active exploitation is not occurring, proof-of-concept code exists and will be released by the researchers who originally discovered the vulnerability.
The vulnerability stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls, which are used to convert a hostname into an IP address.
Questions, Concerns, Reports
Please contact email@example.com.
ITS Information and Infrastructure Assurance
- The GHOST Vulnerability (Qualys)
- USN-2485-1: GNU C Library vulnerability (Ubuntu)
- Critical: glibc security update (RedHat)
- GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems (ThreatPost)
- Highly critical “Ghost” allowing code execution affects most Linux systems (Ars Technica)
- GHOST, a critical Linux security hole, is revealed (ZDNet)