GHOST Vulnerability

Most of us knew about GHOST (CVE-2015-0235) Vulnerability which was identified yesterday (27-Jan-2015) by Openwall Project and patches also released to all the linux distribution.

What is GHOST Vulnerability

The GHOST vulnerability is a weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue.

During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it — and its
impact — thoroughly, and named this vulnerability “GHOST” taken from Qualys website.

How to identify GHOST Vulnerability

Run the below command. If you get results like “- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).” your system is not Vulnerable. If you dodn’t get any results means your server having glibc vulnerablilty.

root@2daygeek [~]# rpm -q --changelog glibc | grep CVE-2015-0235

How to fix GHOST Vulnerability

Check whether glibc pacakge update is available or not. If available , update glibc package and Re-run the above command that’s it.

# Check glibc package update #
root@2daygeek [~]# yum list glibc
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base:
 * extras:
 * updates:
base                                                                                                                     | 3.7 kB     00:00     
extras                                                                                                                   | 3.4 kB     00:00     
updates                                                                                                                  | 3.4 kB     00:00     
Installed Packages
glibc.i686                                                       2.12-1.132.el6_5.2                                                     @updates
glibc.x86_64                                                     2.12-1.132.el6_5.2                                                     @updates
Available Packages
glibc.i686                                                       2.12-1.149.el6_6.5                                                     updates 
glibc.x86_64                                                     2.12-1.149.el6_6.5                                                     updates 

# Upgrade glibc package  #
root@2daygeek [~]# yum update glibc

# Check whether GHOST Vulnerability is fixed by running below command  #
root@2daygeek [~]# rpm -q --changelog glibc | grep CVE-2015-0235
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).

#  For Ubuntu/Debian/LinuxMint  #
root@2daygeek [~]# sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Finally reboot the server once.

Reference link for more details :
qualys :
mitre :
openwall :
redhat :
centos :
Redhat :

About Prakash Subramanian

Prakash Subramanian is a Linux lover and has 3.5+ years of experience in linux server administration with major Linux distribution such as (RHEL, CentOS, Ubuntu). He is currently working as a Senior L2 Linux Server administrator.

View all posts by Prakash Subramanian

8 Comments on “GHOST Vulnerability”

  1. Does this output mean the server is no more vulnerable?

    – Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
    – Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).

  2. Hi ,

    If I update only “glibc” ,then is it required to run below update command in centos :
    yum clean
    yum update

Leave a Reply

Your email address will not be published. Required fields are marked *