Wednesday, 28 January 2015

Linux Systems Vulnerable To Criticism GHOST Leak

There is a critical vulnerability in Linux discovered which virtually all systems since 2000 at risk. Through the leak can take over a remote attacker without valid credentials vulnerable computers. The vulnerability is since November 2000 in the GNU C library.

The GNU C Library, also known as glibc, is an implementation of the standard C library and an important part of Linux.Without this library would be a Linux system does not work. The leak has researchers named GHOST received because it through the gethostbyname function is to call. An attacker could then execute arbitrary code on the system.

On May 21, 2013 between the releases of glibc 2.17 and glibc 2:18 there appeared a solution to the leak. However, the fix was not classified as a security advisory, making the most stable distributions with long-term support remained exposed, according to security firm Qualys discovered that the vulnerability. This is Debian 7 (wheezy), Red Hat Enterprise Linux 6 and 7 and Ubuntu 12.04.

"GHOST is a remote code execution risk, which makes it very easy for an attacker to compromise a machine. Example, an attacker can send a simple e-mail from a Linux system and automatically get full access to that machine," says Wolfgang Kandek, CTO at Qualys. Administrators and users are advised to install the updates now available from their supplier.

No comments:

Post a Comment