Ghost Linux Security hole Revealed

Ghost Linux Security hole Revealed

Have you heard about the critical linux security hole that was revealed dubbed “Ghost”? Well if you haven’t then I suggest you get up to speed on this critical security hole and get your linux servers patched asap.

The below section is quoted from the article at zdnet.

“The security hole can be triggered by exploiting glibc’s gethostbyname functions. This function is used on almost all networked Linux computers when the computer is called on to access another networked computer either by using the /etc/hosts files or, more commonly, by resolving an Internet domain name with Domain Name System (DNS).

To exploit this vulnerability, all an attacker needs to do is trigger a buffer overflow by using an invalid hostname argument to an application that performs a DNS resolution. This vulnerability then enables a remote attacker to execute arbitrary code with the permissions of the user running DNS. In short, once an attacker has exploited GHOST they may be capable of taking over the system.”

For more details please read the full article at zdnet.

Leave a Reply

Close Menu