A GNU C Library (glibc) vulnerability known as the "GHOST vulnerability" was announced to the general public on 27 January 2015, after the cloud security company Qualys discovered this major security flaw. The vulnerability enables attackers to remotely take control of affected systems without knowing any system IDs or passwords.
How to quickly identify whether your system is vulnerable:
The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use glibc-2.2 through glibc-2.17 are at risk. Many Linux distributions, including CentOS 6 and 7, Debian 7, RHEL 6 and 7, Ubuntu, and distributions that have reached end of life, are vulnerable and should be patched immediately.
You can check the version of glibc by looking up the version of ldd (which is shipped with glibc) using the following command:
# ldd --version
The first line of the output shows the glibc version and looks like this:
ldd (GNU libc) 2.12
As mentioned above, if the version is older than 2.18, your system is vulnerable.
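The version check described above, written as an added POSIX shell example (not code from the original article): it parses the first line of `ldd --version` and compares the glibc version numerically against the 2.2 to 2.17 range the article gives, so that, for instance, 2.5 is correctly treated as older than 2.17 (a plain string comparison would get this wrong). The sample ldd output lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Extract "major.minor" from the first line of `ldd --version`, e.g.
# "ldd (GNU libc) 2.12" or "ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35".
# Prints the version and returns 0; returns 1 if no version is found.
glibc_version_from_ldd_line() {
    # The version is the last whitespace-separated field; keep only major.minor.
    v=$(printf '%s\n' "$1" | awk '{print $NF}' | sed 's/^\([0-9]*\.[0-9]*\).*/\1/')
    case "$v" in
        [0-9]*.[0-9]*) printf '%s\n' "$v"; return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 (true) when the version lies in the range the article calls
# vulnerable (glibc 2.2 through 2.17), 1 otherwise. Major and minor parts
# are compared as integers, not as strings.
glibc_in_ghost_range() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Run the check on this host: 0 = in vulnerable range, 1 = outside it,
# 2 = ldd missing or its output could not be parsed.
check_host() {
    line=$(ldd --version 2>/dev/null | head -n 1)
    v=$(glibc_version_from_ldd_line "$line") || return 2
    if glibc_in_ghost_range "$v"; then
        echo "glibc $v: within the vulnerable range, patch now"
        return 0
    fi
    echo "glibc $v: outside the vulnerable range"
    return 1
}
```

Distribution packages often backport security fixes without changing the version number, so treat this as a first triage step and confirm against your distribution's glibc package changelog or advisory.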
How to fix the problem (patch the system):
Ubuntu / Debian:
Update all of your packages to the latest available version with this command:
# sudo apt-get update && sudo apt-get dist-upgrade
Respond to the confirmation prompt with "y", then reboot with this command: # sudo reboot
CentOS / RHEL:
Update glibc to the latest available version via yum:
# sudo yum update glibc
Respond to the confirmation prompt with "y", then reboot with this command: # sudo reboot
If the update fails:
Until the patch can be applied, mitigate the problem by setting UseDNS to "no" in /etc/ssh/sshd_config and restarting sshd. This disables the reverse DNS lookups that the public-facing SSH service performs.
Although this gives some relief for the time being, make sure you patch your distribution as soon as the update is available, using the steps described above.