A new bug is announced in all Linux OS recently.It is about a package, glibc. This package is responsible for C libc libraries, (libm) ,POSTIX Thread, Name Server Caching Deamon (nscd) standard libraries.
This vulnerability is from Heap Buffer OverFlow kind for nss_hostname_digits_dots() function in libc which are called by gethostbyname() and ethostbyname2() that make hacker able to run their codes in the server! Qualys company found this bug and named it as “ghost”.
Vulnerable RED HATS:
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Desktop (v. 7)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux HPC Node (v. 7)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server (v. 7)
Red Hat Enterprise Linux Server EUS (v. 6.6.z)
Red Hat Enterprise Linux Workstation (v. 6)
Red Hat Enterprise Linux Workstation (v. 7)
Vulnerable CentOs:
centos 4.x
centos 5.x
centos 6.x
centos 7.x
Vulnerable Ubuntu:
Ubuntu 12.04 LTS
Ubuntu 10.04 LTS
And almost all cloudlinux, debin and OpenWall are vulnerable!
This scripts can check your OS for this bug:
wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
gcc -o ghost GHOST.c
./ghost
To fix the bug in CentOS, RED HAT and CloudLinux, run this:
yum -y update glibc
In Ubuntu and Debian run:
yum -y update glibc
Then reboot the OS.
