The CVE-2015-0235 GHOST Vulnerability

If you're a KnownHost customer, nothing. We have patched all of our VPS systems as of this morning shortly after the patch was available as well as restarted services which have been proven to be vulnerable. At this time it's mainly Exim. Dedicated servers are being patched automatically over the next ~24 hours.

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

Technical jargon:

A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. A remote attacker could use this flaw to execute arbitary code with the permissions of the user running the application.

There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.

At this time only Exim mailserver has been proven to be really vulnerable.

It is called as the GHOST vulnerability as it can be triggered by the GetHOST functions.

• Qualys Advisory: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
• RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html
• Ubuntu: https://launchpad.net/ubuntu/+source/eglibc
• Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235
• GNU C Library: http://www.gnu.org/software/libc/
• Mitre: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
• Discussion about vulnerable services: http://seclists.org/oss-sec/2015/q1/283