ADVISORY: Ghost vulnerability in Linux glibc library (CVE-2015-0235)

Tuesday, January 27, 2015

This information was sent to U-M IT staff groups on January 27, 2015.

This message is intended for U-M IT staff who are responsible for maintaining and running university Linux machines.

Summary: 

The GHOST vulnerability is a serious weakness in the Linux glibc library affecting systems dating back to 2000. It allows attackers to remotely take complete control of the victim system and execute code without prior knowledge of system credentials.

Problem: 

There is a vulnerability in the _gethostbyname functions used in the GNU C library used in many stable distributions of Linux.

Affected Systems: 
  • GNU C Library versions glibc-2.16 and older.
  • All Linux distributions running glibc-2.16 and older are vulnerable, including:
  • Debian 7 (wheezy)
  • RedHat Enterprise Linux 6 and 7
  • Ubuntu 12.04
  • CentOS 6 and 7

Distributions using glibc-2.17 and newer are not affected.

Action Items: 

Apply the patch from the appropriate Linux vendor after appropriate testing.

Threats: 

Attackers could remotely take complete control of the victim system and execute code without prior knowledge of system credentials. While active exploitation is not occurring, proof-of-concept code exists and will be released by the researchers who originally discovered the vulnerability.

Technical Details: 

The vulnerability stems from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. That particular function is used by the _gethostbyname function calls, which are used to convert a hostname into an IP address.

Questions, Concerns, Reports: 

Please contact iia.inform@umich.edu.

Sincerely, 
ITS Information and Infrastructure Assurance