Sign up for our newsletter - Navigating the horizon of business technology​
Technology / Cybersecurity

GHOST bug haunts Linux users

Researchers of Cloud Security firm Qualys have discovered vulnerability in Linux GNU C Library (glibc) library which can be manipulated to gain remote access of the attacked system.

Glibc is also is an integral part of the Linux operating system without which Linux system will not function.

Researchers found out buffer overflow in the __nss_hostname_digits_dots() function of glibc , and hackers could trigger it both locally and remotely via all the gethostbyname*() functions; which led to the naming of the bug as dubbed, ‘GHOST’.

Hackers could gain partial or remote access allowing for arbitrary code execution.

White papers from our partners

Qualys said that to manage the risk users will need to apply a patch from Linux vendor, and the company claims that it has worked with Linux distribution vendors to create patches that are now available to users.

Qualys added: "According to our data once the vulnerability has reached its half-life we will release the exploit.

"Half-life is the time interval measuring a reduction of a vulnerability’s occurrence by half. Over time, this metric shows how successful efforts have been to eradicate vulnerability.

"A shorter half-life indicates faster remediation. Half-life was originally coined by Qualys in the Laws of Vulnerability."

This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.