Home Hackers All Linux Systems Threatened by GHOST Glibc CVE-2015-0235 Remote Code Execution Vulnerability

All Linux Systems Threatened by GHOST Glibc CVE-2015-0235 Remote Code Execution Vulnerability

Posted: January 28, 2015

linux red hat vulnerability ghost glibcComputer system vulnerabilities are abundant in numbers and hackers are always on the outlook to exploit them in ways that garnishes them a payday of sorts. In recent vulnerability findings from a Linux distributor Red Hat advisory, a critical flaw was found in glibc, the GNU C library, affecting all Linux systems dating back to 2000.

Linux was once known as the go-to operating system for stability unsurpassed by Windows. Linux was an OS with clean programming and least susceptible to malware attacks or vulnerabilities. Now, due to the discovery by Red Hat, has a vulnerability that may allow a remote attacker to make an application call to execute arbitrary code with permissions of the user running the program.

What is dubbed as GHOST or the CVE-2015-0235 vulnerability, was found to have similarities of the _gethostbyname function. Such a function is able to retrieve host information corresponding to functions operating on a computer and its applications. Due to the closely related functions of the newfound Linux vulnerability and the _gethostbyname function, it is named GHOST.

Due to the GHOST Linux vulnerability affecting all versions of Linux dating back to 2000, there is some history to this threat. Years ago the vulnerability was not known as an actual security threat leaving predecessor versions of Linux exposed. However, there was mitigation offered for this very issue published back on May 21, 2013 between patch glibc-2.17 versions and glibc-2.18.

Now that the Linux vulnerability GHOST, or CVE-2015-0235 has been identified, there has been an onslaught of technical details diving deep into the exploitation and execution of the threat. Qualys, a well-known systems security firm and cloud security compliance company, posted to the OSS-Security mailing list for an advisory of the vulnerability. In it, several aspects of the vulnerability were addressed including methods to mitigate the impact of the threat. Other factors mentioned by Qualys is the fact that the vulnerability's functions are obsolete due to IPv6 and newer applications using a different call, getaddrinfo().

Fundamentally, the GHOST CVE-2015-0235 vulnerability is flawed before it even gets off the ground for any leverage in causing serious damage to Linux systems. However, it is prudent to know that because of GHOST's ability to be a viable threat to all versions of Linux dating back to 2000, which leads many experts to believe that it was utilized in the past by cybercrooks to conduct other malicious activities. As far as pinpointing those actions that may have used GHOST in the past, there is really no way of knowing as it has been out in the open for many years now. Currently, Red Hat among other firms are monitoring this vulnerability to see if it shows its ugly face in security issues that may later arise.

Loading...