User Tools

Site Tools


security:misc:cve-2015-0235-ghost-vulnerability

The CVE-2015-0235 GHOST Vulnerability

What do I need to do?

If you're a KnownHost customer, nothing. We have patched all of our VPS systems as of this morning shortly after the patch was available as well as restarted services which have been proven to be vulnerable. At this time it's mainly Exim. Dedicated servers are being patched automatically over the next ~24 hours.

What is it?

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

Technical jargon:

A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call. A remote attacker could use this flaw to execute arbitary code with the permissions of the user running the application.

What is the risk?

There is a remote code execution risk due to this vulnerability. An attacker who exploits this issue can gain complete control of the compromised system.

At this time only Exim mailserver has been proven to be really vulnerable.

Why is it called the GHOST vulnerability?

It is called as the GHOST vulnerability as it can be triggered by the GetHOST functions.


References:

security/misc/cve-2015-0235-ghost-vulnerability.txt · Last modified: 2015/01/28 18:27 by Jonathan W.