VPN Articles and News

“Ghost” Flaw Leaves Web Servers Vulnerable To Attack

Thursday, April 9th, 2015

Security firm Qualys has discovered a previously unknown vulnerability in Linux operating system that could leave web and mail servers open to malicious attacks. The vulnerability was discovered in an important library of the extremely popular (and not to mention one of the most preferred choices of web hosting providers) Operating System. The critical flaw lets attackers take complete control of the machine without supplying proper credentials by bypassing all forms of protection. The vulnerability was named as “Ghost” (CVE-2015-0235 according to industry standards) by the California based company since it could be triggered through “gethostbyname” DNS function of the OS.

In a blog post posted on the company’s official blog, Amol Sarwate, director of Engineering at Qualys; mentioned that the Ghost vulnerability had the ability to infect Linux based systems without providing system credentials (username/ password of the administrator). Qualys researchers working on the vulnerability also disclosed on Openwall’s mailing list that were able to carry out an attack against an remote Exim mail server by circumventing all forms of protection. More worryingly, the proof of concept attack worked against mail servers installed on both 32 bit and 64 bit Linux machines. However, the company declined to release the exact methodology used in the attack for the fear of inspiring copy-cat attacks.

The Ghost vulnerability affects desktop and server versions of several implementations of Linux, including those released by Red Hat, Debian, CentOS and Ubuntu (only older versions are said to be affected by the flaw; for instance, Red Hat Fedora 20+ and Ubuntu 13.10 and higher are not impacted). The flaw is contained in GNU C library (also known as glibc), a software repository available in the open source operating system. The vulnerability has already been fixed in the newer versions of glibc (2.18 and higher) but older versions would need to be patched manually. The security flaw has the potential to infect many critical softwares including Apache, MySQL, Nginx, Sendmail, Exim and Samba that are installed on millions of Linux web servers around the world.

Most Linux vendors have already released a patch to fix the Ghost vulnerability. However, the patches need to be applied manually by server administrators or desktop users who are still using older versions of the OS. Till the time server administrators decide to apply the patches or migrate to a higher version of Linux, the Ghost flaw would continue to pose a threat.

Although Linux (which is actually based on the UNIX operating system) is one of the most secure operating systems around, it is not immune from security threats. Ghost is the fourth major security vulnerability to be discovered within the OS during the last one year. The list of serious flaws that have affected the OS in the past includes the notorious Heartbleed and Shellshock bugs which threatened to disrupt the operations of millions of websites. Although there is no evidence that the Ghost flaw has been exploited by the attackers, it will continue to pose a security headache for administrators who are still using older versions of Linux.

April 9, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 2 =