
GHOST busting

on Feb 3, 15 • by Rod Cope

How proactive open source notifications keep you up-to-date and secure with timely information about the latest releases and security patches, such as the GHOST vulnerability...


Last week, the GHOST flaw was revealed to have a potentially serious effect on many Linux systems around the world – and Rogue Wave Software was right on top of it. This buffer overflow problem affects the gethostbyname() and gethostbyname2() function calls in the glibc library common to many Linux systems and can allow remote attackers to execute arbitrary code with the permissions of the user running the application.

Use of open source software such as this is monitored by the OpenLogic OpenUpdate program. Users of OpenLogic are immediately notified of security vulnerabilities, as reported by the National Vulnerability Database, and informed of remedies and workarounds, if available. Here’s a portion of the OpenUpdate notification for the GHOST flaw as it went out to users last week:

“The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that then calls gethostbyname().” – http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

To patch against this vulnerability, the glibc package must be updated and then each service that uses glibc must be restarted.

Customers can see what services are using glibc by running:
lsof | grep libc | awk '{print $1}' | sort | uniq

Updates are available for CentOS 5, 6 and 7 (all architectures). Debian/Ubuntu systems have already updated the packages so you can simply upgrade them. It is also recommended that you run updates on the OS afterwards.
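
After the update, the processes that still need a restart are the ones that keep the old, replaced library mapped. The script below is an added example, not part of the OpenUpdate notification or any OpenLogic tooling. It assumes a Linux /proc filesystem and that the package update unlinked the old libc file; the function names and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list processes that still map
# a glibc file that was replaced on disk and therefore still need a restart.
# Assumption: the update unlinked the old library, so /proc/<pid>/maps shows
# the mapping with a trailing " (deleted)".

# maps_has_stale_libc FILE: succeed if FILE (in /proc/<pid>/maps format)
# contains a deleted mapping of libc-<version>.so or libc.so.<n>.
maps_has_stale_libc() {
    awk '
        $NF == "(deleted)" {
            n = split($(NF - 1), part, "/")      # basename of the mapped file
            if (part[n] ~ /^libc(-[0-9.]+\.so|\.so\.[0-9]+)$/) stale = 1
        }
        END { exit !stale }
    ' "$1" 2>/dev/null
}

# stale_libc_procs [PROC_ROOT]: print "PID<TAB>COMMAND" for each affected
# process. PROC_ROOT defaults to /proc; run as root to see every process.
stale_libc_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_libc "$dir/maps"; then
            comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s\t%s\n' "${dir##*/}" "$comm"
        fi
    done
}

# make_sample_proc DIR: build a constructed two-process /proc tree for a
# dry run: PID 101 still maps the old libc, PID 202 was already restarted.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    echo sshd > "$1/101/comm"
    echo crond > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a1c000000-7f3a1c1b6000 r-xp 00000000 fd:00 1311 /usr/lib64/libc-2.17.so (deleted)
7f3a1c5c0000-7f3a1c5e1000 r-xp 00000000 fd:00 1305 /usr/lib64/ld-2.17.so (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
7f9b40000000-7f9b401b6000 r-xp 00000000 fd:00 2620 /usr/lib64/libc-2.17.so
7f9b40800000-7f9b40801000 rw-p 00000000 00:00 0
EOF
}
```

On a patched host, calling `stale_libc_procs` with no argument scans the live /proc; an empty result means no running process still holds the old library.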

With OpenUpdate, you don’t have to worry about keeping tabs on security issues like GHOST or Heartbleed; OpenLogic does it for you. Proactive, specific, and actionable information is what OpenUpdate is all about.

For more information about OpenLogic and to schedule a free demonstration, visit www.openlogic.com.
