ADVISORY: Ghost vulnerability in Linux glibc library (CVE-2015-0235)

The GHOST vulnerability is a serious weakness in the Linux glibc library affecting systems dating back to 2000. It allows attackers to remotely take complete control of the victim system and execute code without prior knowledge of system credentials.

There is a vulnerability in the _gethostbyname functions used in the GNU C library used in many stable distributions of Linux.

Attackers could remotely take complete control of the victim system and execute code without prior knowledge of system credentials. While active exploitation is not occurring, proof-of-concept code exists and will be released by the researchers who originally discovered the vulnerability.

Apply the patch from the appropriate Linux vendor after appropriate testing.

• RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html
• Ubuntu: https://launchpad.net/ubuntu/+source/eglibc
• Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235
• Other distributions: Consult vendor websites for up-to-date patch information

The vulnerability stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls, which are used to convert a hostname into an IP address.

Please contact [email protected].

Sincerely, 
ITS Information and Infrastructure Assurance

• The GHOST Vulnerability (Qualys)
• USN-2485-1: GNU C Library vulnerability (Ubuntu)
• Critical: glibc security update (RedHat)
• GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems (ThreatPost)
• Highly critical “Ghost” allowing code execution affects most Linux systems (Ars Technica)
• GHOST, a critical Linux security hole, is revealed (ZDNet)