• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • February 27th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

Linux Distributions at Risk due to Ghost Vulnerability

January 31st, 2015 Waqas Security 0 comments
Linux Distributions at Risk due to Ghost Vulnerability
Share on FacebookShare on Twitter

Security vendor Qualys announced on Tuesday that a flaw in the popular component of many Linux distributions which would ultimately allow hackers to control a system remotely through just sending an email that contains malware. This vulnerability, named “Ghost”, is in the GNU C Library called glibc. This is a C library that basically defines system calls.

Several Linux distributions such as Red Hat, Debian, Ubuntu, and Novell have already released patches and fixes and it is recommended that admins patch immediately.

Although the flaw was originally discovered on glibc as early as 2000, it was finally fixed in 2013 between versions 2.17 and 2.18, according to Qualys CTO Wolfgang Kandek.

linux-distributions-at-risk-due-to-ghost-vulnerability

Kandek states that when it was discovered, the flaw was not immediately categorized or recognized as a security issue and so many Linux distributions were not fixed at the time. Those include Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04.

While Qualys actually uncovered the vulnerability while performing a code audit, it is still not known if attackers have yet made use of it before its discovery. Kandek wrote in the blog post that the glibc flaw exposes a “buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.”

While Qualys analysts have developed a proof-of-concept exploit, they said they won’t be releasing it before at least half of all affected machines are patched.

The best action to take now would be to reboot entire servers after they have been updated including all public-facing services such as Web servers and mail servers.

“Ghost” is just another vulnerability that has been uncovered recently in addition to a long line of flaws in open-source software components such as Heartbleed, Poodle and Shellshock.

Follow @HackRead

  • Tags
  • Linux
  • security
  • Ubuntu
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article Anti-NSA Blackphone can be hacked through a text message
Next article The Pirate Bay is Back
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials

Hackers using malicious Firefox extension to phish Gmail credentials

Botnet Abusing Bitcoin Blockchain To Evade Detection

Botnet Abusing Bitcoin Blockchain To Evade Detection

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Microsoft release open-source CodeQL queries to hunt SolarWinds hacks
Microsoft

Microsoft release open-source CodeQL queries to hunt SolarWinds hacks

Hackers using malicious Firefox extension to phish Gmail credentials
Security

Hackers using malicious Firefox extension to phish Gmail credentials

Apple Glass may feature 3D Audio and Self-Cleaning in new patent
Technology News

Apple Glass may feature 3D Audio and Self-Cleaning in new patent

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us