So what now?
A critical security vulnerability has been found in the GNU C Library (glibc), which is present on most Linux systems. It allows an attacker to execute code on the server and so gain access to the Linux system itself. The vulnerability has been named GHOST and assigned the identifier CVE-2015-0235. It was discovered and disclosed by security researchers at Qualys in California.
Yes, it's as critical as Shellshock and Heartbleed
GHOST is rated critical because it can be triggered remotely and without any credentials: the attacker does not need a password or an account, only a way to get a crafted hostname into a program that passes it to gethostbyname(). Qualys demonstrated this with a working remote exploit against the Exim mail server, which (when configured to verify the hostname a client sends in HELO/EHLO) resolves an attacker-supplied name. Not every server is exploitable, since the overflow is only reached when the name consists solely of digits and dots (so that it looks like an IPv4 address) and is long enough to overrun the caller's buffer, but the class of bug and the lack of any authentication requirement put it on the same level as Heartbleed and Shellshock, both disclosed in 2014.
What is this name?
The vulnerability is a heap-based buffer overflow in glibc's internal __nss_hostname_digits_dots() function, which is reached through the gethostbyname() and gethostbyname2() family of functions: GetHOSTbyname, hence GHOST. The bug was introduced in glibc 2.2 (November 2000) and was fixed upstream in glibc 2.18 (May 2013), but the fix was not recognised as a security fix at the time, so long-term-support distributions that ship older glibc versions never backported it and remained vulnerable until now.
Who cares?
Mainly those who run virtual or dedicated servers, personal computers, and almost anything else that contains the library in question. Multiple Linux distributions are known to be affected:
CentOS 6 - 7
Debian Squeeze LTS, Wheezy
Red Hat Enterprise Linux 6 - 7
Ubuntu 10.04 - 12.04
End-of-life Linux distributions (which will not receive a fix from their vendor)
If you run one of these systems, it is important to update glibc and then reboot the server so that every running process picks up the fixed library.
Do I even have it?
The quickest way to check is to look at which glibc version is installed.
Debian/Ubuntu:
Run this command over SSH:
ldd --version
After entering the above command, you should get something like this:
ldd (Ubuntu EGLIBC 2.15-0ubuntu10.7) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
The version in parentheses is the distribution's package version. If it is the same as, or newer than, the fixed version for your release listed below, the system is patched:
Debian 6 LTS: 2.11.3-4+deb6u4
Debian 7 LTS: 2.13-38+deb7u7
Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
If your version is older than the one listed for your release, the system is vulnerable and needs the update described below.
CentOS/Red Hat:
Run this command over SSH:
rpm -q glibc
After pressing Enter, you should get something like this:
glibc-2.12-1.132.el6_5.4.x86_64
If the glibc package version is the same as, or newer than, the fixed version for your release listed below, the system is patched:
CentOS 6: glibc-2.12-1.149.el6_6.5
CentOS 7: glibc-2.17-55.el7_0.5
RHEL 5: glibc-2.5-123.el5_11.1
RHEL 6: glibc-2.12-1.149.el6_6.5
RHEL 7: glibc-2.17-55.el7_0.5
If your version is older than the one listed, the system is vulnerable. The example output above, glibc-2.12-1.132.el6_5.4, is older than the fixed CentOS 6 package, so that server still needs the update.
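The package version tells you what is installed; a runtime test tells you whether the C library you are actually running still has the bug, which matters on a system with a rebuilt or hand-compiled glibc where the package version proves nothing. The following is an added example, modelled on the test program Qualys published with its GHOST advisory, and is not code from this page. It hands gethostbyname_r() a name made only of digits, sized so that a fixed glibc rejects it with ERANGE while a vulnerable glibc overflows the supplied buffer by sizeof(char *) bytes and clobbers a canary placed directly after it. The enum, the ghost_check() wrapper and the file name are this example's own choices; compile with gcc ghost.c -o ghost and run ./ghost.

```c
/* Added example, not code from the page: runtime test for CVE-2015-0235,
 * modelled on the Qualys test program. Canary, buffer size and name length
 * follow that program; the enum and ghost_check() are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

enum ghost_result {
    GHOST_VULNERABLE,     /* canary overwritten: the overflow happened */
    GHOST_NOT_VULNERABLE, /* glibc rejected the name with ERANGE */
    GHOST_INCONCLUSIVE    /* neither: not glibc, or an unexpected code path */
};

/* The canary sits immediately after the buffer that glibc is allowed to
 * write into, so any write past the end of `buffer` lands on it. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

enum ghost_result ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    int retval;

    /* From the glibc source: the vulnerable size check omits
     * sizeof(*h_alias_ptr), so a name of exactly this length passes the check
     * on a vulnerable glibc and then overflows the buffer by sizeof(char *).
     * sizeof(*host_addr) is 16 (room for an IPv6 address) and
     * sizeof(*h_addr_ptrs) is 2 * sizeof(char *). */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    /* Restore the canary so the check can be called more than once. */
    memcpy(temp.canary, CANARY, sizeof(CANARY));

    /* All digits: looks like an IPv4 literal, which is the only kind of
     * name that reaches the vulnerable __nss_hostname_digits_dots() path.
     * No DNS traffic is generated. */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return GHOST_VULNERABLE;
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("vulnerable");
        break;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable");
        break;
    default:
        puts("inconclusive (not glibc, or an unexpected result)");
        break;
    }
    return 0;
}
```

On a patched glibc the call fails cleanly with ERANGE and the program prints "not vulnerable"; on an unpatched one the canary is overwritten and it prints "vulnerable". The third outcome is reported separately rather than folded into "not vulnerable", because a C library that is not glibc (musl, for example) never enters the affected code path and the test says nothing about it.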
Fixing the security vulnerability
Debian/Ubuntu:
sudo apt-get update && sudo apt-get dist-upgrade
After the update has finished:
sudo reboot
CentOS/Red Hat:
sudo yum update glibc
After updating the system:
sudo reboot
The reboot is necessary because glibc is loaded into the memory of every running process: replacing the file on disk does not change the copy that already-running programs (sshd, the mail server, the web server, and so on) are still using. Restarting every affected service individually would also work, and on Linux a tool such as lsof can list the processes that still map the old, now-deleted library, but a reboot is the simplest way to be certain that nothing is left running the vulnerable version.
Summary
Keep your servers up to date: check for and apply updates at least every two weeks to a month. Follow the instructions in this guide for all of your servers and your personal computer.