Critical Security Flaw in Core Linux Library

Allows for complete control of a system with no credentials

Earlier this week a critical security flaw in the gethostbyname() function of glibc in Linux was exposed. This effects many major linux distributions including Redhat 5 and Redhat 6 Enterprise. This vulnerability has the potential to allow a fairly simple attack to gain complete control of a server. Any vulnerable servers should be patched and rebooted as soon as possible.

DoIT has been patching and rebooting our systems and we are now protected from this on all centrally managed accessible servers. We would encourage any linux admins to check out the posting below to see if your system is vulnerable and patch accordingly. I've also included a link to a PCworld article with a new exploit that just came out showing how this flaw can be used.

Its being referred to as the GHOST vulnerability because it uses the GetHost function. Besides the obvious security issue, this one has some marketing behind it as well, its even got a cute logo (see below), so I think you may see it around the news at some point.

List of vulnerable glibc versions:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235

For information:

http://www.pcworld.com/article/2878252/ghost-linux-vulnerability-can-be-exploited-through-wordpress-other-php-apps.html