Sign up to our newsletter
Security researchers have found a vulnerability inherent to a widely used component in most versions of Linux, reports Computer World.
The vulnerability – nicknamed ‘Ghost’ – is found in the GNU C Library (‘glibc’), which is a library that defines system calls. ‘Ghost’ is an appropriate name, as the bug, which dates back to glibc-2.2 released in 2000, was actually fixed on May 21 2013, but at the time was not recognized as a security risk, so wasn’t immediately modified in popular Linux distributions.
Ars Technica describes the bug as “in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year”, and notes that because “patching systems requires core functions or the entire affected server to be rebooted” some affected systems may “remain vulnerable for some time.”
The Ghost vulnerability is a buffer overflow flaw in __nss_hostname_digits_dots(), which can be called by the gethostbyname() and gethostbyname2() functions. Attackers able to target either of these functions could exploit the vulnerability to execute code. Researchers at Qualys claim that they were able to create proof-of-concept code capable of carrying out a remote code execution attack against the Exim mail server, bypassing all protections on 32-bit and 64-bit systems.
At the moment it is unclear whether the Ghost vulnerability had been exploited before researchers uncovered it, but Qualys won’t be releasing full details of the attack code until the threat level is reduced. “We want to give everyone enough time to patch,” Qualys told The Register. “According to our data once the vulnerability has reached its half-life we will release the exploit. Half-life is the time interval measuring a reduction of a vulnerability’s occurrence by half. Over time, this metric shows how successful efforts have been to eradicate vulnerability.”
Author Alan Martin, ESET