GHOST: Another security flaw hits Linux

We're still bleeding from the wounds Heartbleed left us less than a year ago and the open source world has been hit by another major security issue: GHOST, a security hole in the glibc Linux library. This time, however, the actual danger is quite low… we explain why below.

ghost vulnerability

What is GHOST?

The GHOST vulnerability, which was announced last week by security researchers at Qualys, resides in the gethostbyname functions of the glibc library. For those who do not know, glibc is the name by which the GNU C libraries are known, with which most Linux systems and many free software programs are compiled. Specifically, the gethostbyname functions are used to resolve domain names to IP addresses, and are widely used in open source applications.

Attackers can exploit the GHOST security hole to create a memory overflow, making it possible to run any kind of malicious code and do all kinds of nasty things.

All of the above suggests that GHOST is really bad news for lovers of free software. Fortunately, the real risk appears to be not that great. Apparently the bug was fixed in May 2013, which means that any Linux server or PC with the latest versions of the software is safe from attack.

In addition, the gethostbyname functions were replaced by newer ones that can better handle modern network environments, as they include support for IPv6, among other novelties. As a result, newer applications often no longer use the gethostbyname functions and are not at risk.

And perhaps most importantly, there is currently no known way to execute GHOST attacks over the web. This greatly reduces the chances of using this vulnerability to steal data from unsuspecting users or to wreak serious havoc.

Ultimately, it seems that GHOST is not as serious a vulnerability as heartbleed o Shellshock, recent security holes that they seriously affected free software in general and Linux in particular.

How do you know if GHOST can affect you?

Easy, you just have to open a terminal and enter the following command:

ldd --version

It should return something similar to this:

ldd (Ubuntu GLIBC 2.19-10ubuntu2) 2.19 Copyright (C) 2014 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.

To be safe, the glibc version must be higher than 2.17. In the example, 2.19 is installed. If you are still using an old version, you only need to run the following commands (or the equivalents in your distribution):

sudo apt-get update sudo apt-get dist-upgrade

After installation it is necessary to restart the PC with the following command:

sudo reboot

Finally, you have to run ldd one more time to check the version of gblic.


17 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   nex said

    I changed from windows to Linux ... because they said that Linux was safe, but the reality is different, virus after virus that they discover in Linux, such as (rootkit, bash vulnerability and GHOST), worst of all .... this Ghost virus they say which has been introduced since 2003. How long is the lie?

    1.    elav said

      No Operating System is totally safe, but if I can assure you something is that Linux is much more secure than Windows. Now I ask you how many people have really been affected by this so-called Ghost? Just because it was there since the dinosaurs doesn't mean it has been exploited since.

      1.    Cristian said

        I can assure you that the security problem is not the operating system, but the one behind the keyboard

      2.    Bruno cascio said

        What is the system that necessarily needs an antivirus, windows. No more talking.

        PS: Look for antivirus for windows in google, and there are already results of fake programs that install advertising, Trojans or some other malware posing as a creavirus (sorry, antivirus).

        regards

    2.    KZKG ^ Gaara said

      I could say that I pay a case of beers to each person who shows me proof that they have been the victim of a virus or malware in Linux ... and almost certainly, the more I would pay 2 or 3 at most 😉

    3.    NeoRanger said

      Do you complain only about 3 or 4 major viruses in Linux? For Windows viruses come out all the time since the vulnerability is much greater in systems of this type. Linux is very secure but it is not THE safest OS in the world, but it is secure and much more than Windows.

    4.    nex said

      IN ENGLISH THEY SAY THIS:
      Vulnerability that would allow control of Linux, this security flaw can be exploited by using the function gethostbyname glibc, used in almost all Linux computers that are networked, when a node is calling another using the file / etc / hosts or using DNS. All you need to do the attacker is causing a buffer overflow using an invalid name on the DNS host service. This makes the attacker can use the system through the user running the DNS server, without knowing your credentials.

      What is striking about this vulnerability, on which publicly reported last days, I was just in glibc since 2000 and was not resolved until 2013.

      1.    yukiteru said

        The vulnerability was resolved much earlier, in 2012 when Glibc 2.17 was released, what happened was that LTS versions of many Linux OS did not include the corresponding patch for versions prior to Glibc 2.17, that is what happened.

    5.    yukiteru said

      First no one is talking about viruses, they are talking about a vulnerability, something very different.

      Second, that you use FreeBSD (if you are not using some mod for User Agent), it does not save you from this type of problems, FreeBSD also has old-fashioned vulnerabilities like this.

      http://www.securitybydefault.com/2011/12/exploit-para-vulnerabilidad-de.html

      1.    eliotime3000 said

        Don't forget about OpenBSD.

    6.    Nicolas Rosbaco said

      This is not a virus!
      But the most important thing is that safety is a sensation!
      When you understand that everything becomes clearer

    7.    hrenek said

      For you to know other experiences I tell you that my sister had a netbook that after two installations of XP she asked me to switch to Linux and until her hardware was ruined she had no more problems. The same at my mother-in-law's house, three years without problems and when I installed Windows in another partition for my little brothers-in-law's games, not a month passed without malware taking control of her router. And they are just two examples.

      1.    brutal said

        The same thing happens in my house, nobody wants to come back with windows.

    8.    eliotime3000 said

      Even OpenBSD has vulnerabilities that have not been resolved, and to top it off, GHOST is a vulnerability, not a virus itself. Worry about whether you have Shellshock or Heartbleed.

      And by the way, what am I doing in this flame?

      1.    KZKG ^ Gaara said

        HAHAHAHAHA in fact the original article is ours: https://blog.desdelinux.net/virus-en-gnulinux-realidad-o-mito/

      2.    Shadow_Reaper said

        Hahaha, I didn't even remember hehehe.