Default HubSpot Blog

Today's GHOST vulnerability and how to protect your organization (CVE-2015-0235)

Posted by Laura Hayes on Jan 27, 2015 6:54:00 PM

By Chris Parker-James, Product Manager, Security, and Jonathan Bodor, SOC Analyst, at Scalar.

Earlier today, Qualys announced a new vulnerability impacting a core Linux system library (glibc).

What is it?

glibc is used for many core operating system functions including input/output processing, memory allocation, and other base OS functions. This vulnerability utilizes malicious name resolution via the function gethostbyname*(). If exploited successfully, this vulnerability can result in arbitrary remote-code execution without requiring authentication.

As glibc is a ubiquitous library that’s leveraged by nearly every Linux system on the planet, questions are circulating as to how quickly you should take action to mitigate this vulnerability.

How should I mitigate?

Due to severity, the widespread use of the library, and the ability to exploit it remotely, it is highly recommended that you plan on patching your affected systems immediately to avoid any potential exposure.

The use of a vulnerability-scanning tool is recommended as the issue affects linux distributions released between 2000 and 2013. As such, there could be a large number of affected systems within your organization.

Based on the nature of the library, you should also expect to  reboot affected servers as part of the patching process.

As vulnerable versions of this library may be in use by Linux-based appliances, it is recommended that you contact your network appliance vendors to ensure they are also not vulnerable.

Scalar Managed Services can assist in managing your data centre resources and patching them when vulnerabilities such as this one are released. Visit our website for more information on how we can help: http://www.scalar.ca

Further information on the vulnerability can be found at the sites below:

Mitre: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

Qualys: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235

Patches can be downloaded for the respective operating systems below:

Red Hat 6/7: https://rhn.redhat.com/errata/RHSA-2015-0092.html

Red Hat 5: https://rhn.redhat.com/errata/RHSA-2015-0090.html

CentOS: http://lists.centos.org/pipermail/centos-announce/2015-January/020907.html 

Topics: IT Security, Security, Managed Services