Patch Available for Ghost Vulnerability

Patch Available for Ghost Vulnerability

CVE-2015-0235


A new vulnerability, discovered by Qualys, regarding a buffer overflow flaw affecting all versions of glibc before 2.18 has recently been announced. The vulnerability (CVE-2015-0235) known as Ghost, allows for remote code execution by exploiting the gethostbyname() and gethostbyname2() functions commonly used on Unix and Linux systems to resolve host names.

Additional Information can be found at:

https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237

https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability

http://www.openwall.com/lists/oss-security/2015/01/27/9

 Recommendations:

  • Update all glibc libraries to versions 2.18 or later

 Systems Affected:

  • Most Linux and Unix-like systems
  • Mac OS X and Windows OS that use glibc before version 2.18
  • Use getaddrinfo() instead of gethostbyname() or gethostbyname2()

 Vulnerable Versions:

glibc before versions 2.18

Patches:

UNIX –       http://www.ubuntu.com/usn/usn-2485-1/

Red Hat – https://access.redhat.com/security/cve/CVE-2015-0235

 Alert Detection:

The Masergy Threat Intelligence Team currently has the following alerts to detect the exploitation of this vulnerability:

EXP:CVE-2015-0235-1

Possible Exim buffer overflow exploit attempt targeting the CVE-2015-0235 vulnerability. CVE-2015-0235 is a buffer overflow vulnerability in the gethostbyname() function of glibc (GNU C library), which is used by Linux systems.

EXP:CVE-2015-0235-2

Possible Exim buffer overflow exploit attempt targeting the CVE-2015-0235 vulnerability. CVE-2015-0235 is a buffer overflow vulnerability in the gethostbyname() function of glibc (GNU C library), which is used by Linux systems.