Threat Update | GNU C Library (glibc) Vulnerability: "GHOST"
January 28, 2015
A new UNIX vulnerability has been published - CVE-2015-0235. This is a critical vulnerability within the GNU C library (glibc) that allows an attacker the ability to execute malicious code. The vulnerability lies within the “_gethostbyname” function call, hence the name GHOST.
This vulnerability is present in nearly all versions of glibc as far back as glibc-2.2 (Released in November 2000), however patches have already been released for RedHat, Debian and Ubuntu:
Herjavec Group is working closely with vendors to distribute the necessary patches, as well as deploy the necessary IPS Signatures as soon as possible. Many Vulnerability Scanners have already received updates in order to detect which hosts are vulnerable to this vulnerability – For example, Qualys has updated their scanner to include QID 123191.
Qualys has also released a blog providing more technical details surrounding the GHOST vulnerability.
Herjavec Group is monitoring this situation closely and will provide updates when available.