Ghost leaves Linux systems vulnerable to possession

A vulnerability recently found by Qualys in most Linux distributions could allow attackers to take remote control of a system without log-on credentials. The vulnerability, nicknamed “Ghost,” is in the GNU C Library, known as glibc. The issue was disclosed on Tuesday as many Linux distributions released patches. Red Hat, Debian, Ubuntu and Novell have issued fixes and have advised administrators to patch as soon as possible.

Ghost is one of a number of issues found over the last year in open-source software components, including Heartbleed, Poodle and Shellshock, that have affected large numbers of systems. The flaw in glibc is a buffer overflow in the “gethostbyname” functions that can be triggered both locally and remotely – hence the nickname Ghost.

Qualys analysts developed a proof-of-concept in which they sent a specially crafted email to an Exim mail server running the vulnerable version of glibc. The PoC achieved a remote shell, giving them full control. Qualys is not releasing the exploit until about half of all affected machines are patched. In an advisory, Qualys said it will eventually release a Metasploit module for it.

If you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security testing, please contact Krypsys on 01273 044072 or [email protected].