GHOST vulnerability in Linux distributions and its Solution

Ghost Vulnerability - serious security hole

A vulnerability in the GNU C Library (glibc), termed the “GHOST vulnerability”, was announced to the general public on 27 January 2015, after the security company Qualys discovered this major security flaw. The vulnerability enables attackers to remotely take control of affected systems without knowing any system account names or passwords.


How to quickly identify whether your system is vulnerable:

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use glibc-2.2 through glibc-2.17 are at risk. Many Linux distributions, including CentOS (6, 7), Debian 7, RHEL (6, 7), Ubuntu and end-of-life distributions, are vulnerable and should be patched immediately.

You can check the version of glibc by looking up the version of ldd (which is part of glibc) with the following command:

# ldd --version

The first line of the output tells you the glibc version; it will look similar to this:

ldd (GNU libc) 2.12

As mentioned above, if the version is older than 2.18, your system is vulnerable.

How to fix the problem (patch the system):

Ubuntu / Debian:

Update all of your packages to the latest version available using this command:

# sudo apt-get update && sudo apt-get dist-upgrade

Respond to the confirmation prompt with “y”, then reboot with the following command:

# sudo reboot

CentOS / RHEL:

Update glibc to the latest version available via “yum”:

# sudo yum update glibc

Respond to the confirmation prompt with “y”, then reboot with the following command:

# sudo reboot

IF THE UPDATE FAILS:

To mitigate the problem until you can apply the patch, set the value of UseDNS to “no” in /etc/ssh/sshd_config. This disables the reverse DNS checks that the SSH daemon, a public-facing service, performs on connecting clients.

Although this gives you some relief for the time being, make sure you patch your distribution as soon as the update is available, using the steps described above.
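The following script is an added example, not part of the original article. It turns the article's two checks into reusable shell functions: classifying the glibc version printed by `ldd --version` against the 2.2 to 2.17 range named above, and confirming that an sshd_config carries the interim `UseDNS no` mitigation. The sample `ldd` output and sshd_config text are constructed; note that the version number alone is only a first-pass indicator, because distributions backport the fix without changing it, so the package release (`rpm -q glibc` or `dpkg -s libc6`) must be compared against the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the original article): shell functions for the
# article's glibc version triage and the UseDNS interim mitigation check.

# Pull the version out of the first line of `ldd --version`, which ends in
# the glibc version, e.g. "ldd (GNU libc) 2.12" -> "2.12".
glibc_version_from_ldd() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Return 0 (true) when the major.minor version falls in the range the
# article names as at risk (2.2 through 2.17), 1 otherwise.
glibc_version_in_ghost_range() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%.*}
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Return 0 when the sshd_config text in $1 has an active (uncommented)
# "UseDNS no" line; sshd keywords are case-insensitive, so match that way.
sshd_usedns_disabled() {
    printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*UseDNS[[:space:]]+no([[:space:]]|$)'
}

# Constructed sample: the output the article shows for a CentOS 6 host.
SAMPLE_LDD='ldd (GNU libc) 2.12
Copyright (C) 2010 Free Software Foundation, Inc.'

# Constructed sample: an sshd_config with the mitigation applied.
SAMPLE_SSHD_CONFIG='Port 22
#UseDNS yes
UseDNS no'

ver=$(glibc_version_from_ldd "$SAMPLE_LDD")
if glibc_version_in_ghost_range "$ver"; then
    echo "glibc $ver is in the 2.2-2.17 range: treat as vulnerable until the"
    echo "package release is confirmed patched (distributions backport the fix"
    echo "without bumping this number)."
else
    echo "glibc $ver is outside the range named in the article."
fi

if sshd_usedns_disabled "$SAMPLE_SSHD_CONFIG"; then
    echo "sshd_config: UseDNS no is set (interim mitigation present)."
else
    echo "sshd_config: UseDNS is not disabled."
fi
```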
