GHOST: glibc gethostbyname buffer overflow

  • Written by
    Herman Bos
  • Published on

A high risk security issue in glibc was disclosed last night. Because of the potential high impact we started our emergency patch procedures for osso managed environments and notify customers with self managed environments.

Ghost vulnerability details

Qualys discovered a buffer overflow in dns resolve functions in the GNU C library (glibc). They created a proof of concept exploit for exim and dubbed the vulnerability "GHOST".

All processes that might do dns lookups are susceptible to attacks when using a vulnerable glibc version.

Affected Ubuntu versions

Ubuntu LTS versions affected:

  • 10.04 LTS: affected, update package libc6 to version 2.11.1-0ubuntu7.20
  • 12.04 LTS: affected, update package libc6 to version 2.15-0ubuntu10.10
  • 14.04 LTS: not affected

Notes about updating

After installing the updates it important to restart processes which are using libc6. To get an impression of services using libc6

lsof | grep libc | awk '{print $1}' | sort | uniq

You can run our wcheckrestart script which lists all services which need to be restarted after package upgrades.

wget -qO/usr/local/bin/wcheckrestart && chmod 755 /usr/local/bin/wcheckrestart; wcheckrestart

You can also reboot the server of course.

Back to overview Newer post: asterisk / dialplan / variable expansion / security Older post: gitlab / upgrade / ruby / bundle