GHOST is a security vulnerability named after the glibc function that was identified as vulnerable, gethostbyname(). Qualys identified this vulnerability and published their advisory as CVE-2015-0235. The bug is a buffer overflow in the __nss_hostname_digits_dots() function, which is used by gethostbyname() calls, and it allows arbitrary code execution by unauthenticated users. The vulnerability was first introduced in November 2000 and has been fixed in the source code since May 2013. However, most stable and long-term-support Linux distributions were left exposed until the major Linux distributors released a patch for the vulnerability on January 27, 2015.
It’s the first serious open source bug disclosed this year, following last year’s Heartbleed bug in OpenSSL, the Shellshock bug in Bash and the POODLE bug (POODLE is an acronym for Padding Oracle On Downgraded Legacy Encryption) related to the SSL v3 fallback issue. This is not just an Australian problem: the vulnerability is global, and a major chunk of Linux distributions running glibc versions 2.2 through 2.17 are vulnerable. Versions 2.18 through 2.20, and 2.1.3 or under, are not vulnerable. Since we are an Australian-owned company with local licensees you can actually meet and talk to, contact Concise Digital for any further information.
GHOST is not as scary as it sounds, nor as scary as Heartbleed, even though it allows remote execution of malicious code. Its impact has already been mitigated by various factors, including the fact that gethostbyname() is now obsolete in most distributions and has been replaced with getaddrinfo(), which supports IPv6. Exploiting GHOST is not as easy as exploiting Heartbleed, as several conditions must be met for an exploit to succeed.
According to statistics from the ABS, 47.2% of Australian businesses have a web presence, and 53% of consumers have placed orders via the internet. This means the number of Australian web hosting and e-commerce website development companies has increased. If you are a business owner, you should be concerned about who is hosting your website and how it is being looked after before jumping into online sales, which may be worth $billions: a single GHOST can take you out of business forever by losing your customers’ trust. Most managed web hosting providers may be able to protect your customers’ data on their servers by making sure all patches are applied as and when a vulnerability is discovered.
If you are maintaining your own servers, you need to make sure you apply the security patches. Most distros have already pushed a stable, non-vulnerable version of glibc, and you can update your servers through your favourite package manager or install it from source. A list of vulnerable distros is available here. Administrators should roll these patches out as soon as possible!
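As an added triage helper that is not part of the original post, the following POSIX shell script classifies the installed glibc version against the affected range quoted above (2.2 through 2.17). It assumes `getconf GNU_LIBC_VERSION` is available, as it is on glibc-based Linux; the version strings in the comments are constructed examples.

```shell
#!/bin/sh
# Classify a glibc version string against the range named as affected
# (2.2 through 2.17). Accepts "2.17" or the "glibc 2.17" form that getconf
# prints. Exit status: 0 = in the affected range, 1 = outside it,
# 2 = string could not be parsed.
ghost_version_affected() {
    v=${1#glibc }                         # drop the "glibc " prefix if present
    case "$v" in *.*) ;; *) return 2 ;; esac   # need at least major.minor
    major=${v%%.*}                        # "2.1.3" -> "2"
    rest=${v#*.}                          # "2.1.3" -> "1.3"
    minor=${rest%%.*}                     # "1.3"   -> "1"
    case "$major$minor" in *[!0-9]*|"") return 2 ;; esac   # non-numeric parts
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Report on the running system. The version number is only a first triage:
# distributions backport the fix without bumping the version, so a version in
# the affected range still needs the package changelog checked, for example
# "rpm -q --changelog glibc | grep CVE-2015-0235" on RPM-based systems
# (assumed layout; consult your distribution's advisory for the exact command).
ghost_check_running() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || {
        echo "glibc version not available (not a glibc system?)"
        return 2
    }
    if ghost_version_affected "$v"; then
        echo "$v: in the affected range, verify the package changelog for CVE-2015-0235"
        return 0
    else
        echo "$v: outside the affected range"
        return 1
    fi
}

# Run the check; a non-zero status is a finding, not a script error.
status=0
ghost_check_running || status=$?
echo "exit status: $status"
```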
Connect with us on social media as we share links to news, vital updates and other cool stuff to make you money and save you money.
Now you can learn how to stay on top of change in the digital world. We run workshops and webinars to help our clients and our community. Most of these are free.