CVE-2015-0235: GHOST in the GNU C Library

  • Post author:
  • Reading time:4 mins read

Ghost Vulnerability

A critical vulnerability known as Ghost Cat Vulnerability is discovered in GNU C Library (glibc) by a vulnerability scanning tool. The GNU C Library, commonly known as glibc, is the GNU Project’s implementation of the C standard library and a core part of the Linux operating system.

GNU C Library (glibc) is used in most of the Linux distributions, which is prone to a heap-based buffer overflow vulnerability and allows local and remote attackers to execute arbitrary code on the vulnerable systems. Researchers at Qualys discovered the vulnerability. CVE-2015-0235 assigned to this vulnerability and auto patching can mitigate them.

The vulnerability exists in the __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls, hence the name GHOST (GetHOST) vulnerability. The vulnerability triggers via gethostbyname() and gethostbyname2() functions. Successful exploitation allows local/remote attackers to execute arbitrary code. Also attacker can bypass security protections mechanism like NX, ASLR and PIE on both 32-bit and 64-bit systems successfully.

GNU C Library (glibc) is in most of the Linux based appliances from different vendors and it’s a core component for Linux systems. Similar to Heartbleed, Shellshock and POODLE, this affects wide range of applications. Due to it’s nature and wide range of  products rated as critical vulnerability.

According to Qualys this bug fixed in 2013 as a minor bug fix but not as security fix, hence vendors using glibc library at that time ignored to update, as a result, many stable and LTS (long term support) distributions affected by this vulnerability including Debian 7, RHEL 6 & 7, CentOS 6 & 7, Ubuntu 12.04 etc.

Simple steps to check GNU C Library is vulnerable to Ghost Cat Vulnerability:

  1. We can download a tool from the University of Chicago that will let us test our system for the vulnerability.
    • wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
  2. Run Following commands:
    • gcc GHOST.c -o GHOST
    • ./GHOST
  3. The above command responds whether the system is vulnerable OR not vulnerable
    • vulnerable

We strongly suggest applying the latest available patches from your vendors as soon as possible and you need to reboot for changes to take effect.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

– Kumarswamy S

Share this article