• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

DOJ takes action against 22-year-old running RapperBot Botnet

 | 

Google fixed Chrome flaw found by Big Sleep AI

 | 

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

 | 

A hacker tied to Yemen Cyber Army gets 20 months in prison

 | 

Exploit weaponizes SAP NetWeaver bugs for full system compromise

 | 

Allianz Life security breach impacted 1.1 million customers

 | 

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Security
  • Ghost Remote Code Execution Vulnerability scares the Linux community

Ghost Remote Code Execution Vulnerability scares the Linux community

Pierluigi Paganini January 28, 2015

The Linux GNU C Library (glibc) versions prior to 2.18 are affected by the GHOST remote code execution vulnerability present in the ‘gethostbyname’ function.

A new critical vulnerability is threatening the Linux community, the flaw affects the glibc GNU C library. The vulnerability is present in all Linux systems dating back to 2000 and could be exploited by attackers to execute code and remotely gain control of Linux machines.

The vulnerability was first discovered by researchers at Qualys and it affects glibc library from version 2.2 included in Linux systems since November 2000. However, at the moment there is no way to tell if cyber criminals or state-sponsored hackers have been exploiting this vulnerability in the wild.

“During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it — and its impact — thoroughly, and named this vulnerability “GHOST”.” states a blog post from Qualys.

The flaw, coded as CVE-2015-0235, is a heap-based buffer overflow in the __nss_hostname_digits_dots() function implemented in the glibc library and invoked by the _gethostbyname and gethostbyname2 function calls.

Ghost vulnerability 2

The experts assigned the vulnerability the name GHOST because the involvement of the  _gethostbyname function.

“A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application,” reports an advisory from Linux distributor Red Hat.

Experts at Qualys confirmed that have identified a mitigation for the GHOST flaw that is available since May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.

“Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example,” said the advisory from Qualys.

The impact of the GHOST flaw is anyway serious despite the update of the glibc is a quite easy operation.

“In this instance, you just apply the glibc update, and restart any services that are vulnerable,” explained Josh Bressers, a member of the Red Hat security response team“It’s not confusing like Shellshock was.”

Qualys also provided the details about the exploitation of the Exim SMTP mail server, the advisory explains how to achieve remote code execution against the Exim SMTP mail server, bypassing the NX (No-eXecute) protection and glibc’s malloc hardening. Other Linux systems are exposed to the GHOST flaw, including MySQL servers, Apache, Cups, Dovecot, Secure Shell servers and other types of mail servers.

“The bug affects virtually all Linux-based software that performs domain name resolution. As result, it most likely can be exploited not only against servers but also client applications.” reports ArsTechnica.

The different Linux distributions will be releasing patches; Red Hat has released an update for Red Hat Enterprise Linux 5. Novell has a list of SUSE Linux Enterprise Server builds affected by GHOST. Debian has already released an update of its software addressing the vulnerability.

The US-CERT has also published an advisory on the GHOST vulnerability urging administrators to refer respective Linux or Unix-based OS vendors and start the patching process.

“US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu(link is external) and Red Hat(link is external). The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.” states the US-CERT.

Pierluigi Paganini

(Security Affairs – GHOST, LINUX)


facebook linkedin twitter

Ghost GNU C library Hacking LINUX Qualys Remote Code Execution vulnerability

you might also like

Pierluigi Paganini August 20, 2025
DOJ takes action against 22-year-old running RapperBot Botnet
Read more
Pierluigi Paganini August 20, 2025
Google fixed Chrome flaw found by Big Sleep AI
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    DOJ takes action against 22-year-old running RapperBot Botnet

    Cyber Crime / August 20, 2025

    Google fixed Chrome flaw found by Big Sleep AI

    Security / August 20, 2025

    Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

    Data Breach / August 20, 2025

    A hacker tied to Yemen Cyber Army gets 20 months in prison

    Cyber Crime / August 20, 2025

    Exploit weaponizes SAP NetWeaver bugs for full system compromise

    Security / August 20, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT