Warning message

log in to add comments or rate this document

GHOST: glibc vulnerability (CVE-2015-0235)

Updated 2015-01-27T21:29:12+00:00

Red Hat Product Security has been made aware of a critical vulnerability in the glibc library, which has been assigned CVE-2015-0235 and is commonly referred to as 'GHOST'. All versions of glibc shipped with all variants of Red Hat Enterprise Linux are affected.

Background Information

GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Impact

The gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.

Determining Vulnerability

As a Red Hat customer, the easiest way to check for the vulnerability and confirm remediation is the Red Hat Access Lab: glibc (GHOST) Detector.

Resolution

To eliminate the possibility of an exploit:

  1. Update the glibc and ncsd packages on your system using the packages released with the following errata:
  2. Restart vulnerable services that use glibc (since so many services use glibc, the safest option is to restart the system).