Security vendor Qualys announced on Tuesday that a flaw in the popular component of many Linux distributions which would ultimately allow hackers to control a system remotely through just sending an email that contains malware. This vulnerability, named “Ghost”, is in the GNU C Library called glibc. This is a C library that basically defines system calls.
Several Linux distributions such as Red Hat, Debian, Ubuntu, and Novell have already released patches and fixes and it is recommended that admins patch immediately.
Although the flaw was originally discovered on glibc as early as 2000, it was finally fixed in 2013 between versions 2.17 and 2.18, according to Qualys CTO Wolfgang Kandek.
Kandek states that when it was discovered, the flaw was not immediately categorized or recognized as a security issue and so many Linux distributions were not fixed at the time. Those include Debian 7, Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04.
While Qualys actually uncovered the vulnerability while performing a code audit, it is still not known if attackers have yet made use of it before its discovery. Kandek wrote in the blog post that the glibc flaw exposes a “buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.”
While Qualys analysts have developed a proof-of-concept exploit, they said they won’t be releasing it before at least half of all affected machines are patched.
The best action to take now would be to reboot entire servers after they have been updated including all public-facing services such as Web servers and mail servers.
“Ghost” is just another vulnerability that has been uncovered recently in addition to a long line of flaws in open-source software components such as Heartbleed, Poodle and Shellshock.