GLIBC GHOST :: glibc vulnerability (CVE-2015-0235)

Recently, an another vulnerability found in “Glibc” under CVE-2015-0235. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Why the name GHOST?

It’s not a GHOST 🙂 GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library.

Solution:

Update the Glibc version by using YUM. Here is the command:

yum update glibc 

Updated versions:
For CloudLinux 5 : glibc-2.5-123.el5_11.1
For CloudLinux 6 : glibc-2.12-1.149.el6_6.5

Then restart the services which using this funtions.

Exim, Apache, LiteSpeed, Nginx, cPanel, PostgreSQL, OpenSSH, Postfix/sendmail etc

Or reboot the server.

That’s it!!

Post navigation

Arunlal Ashok

Linux Systems Architect at Endurance International Group. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

Leave a Reply

Your email address will not be published. Required fields are marked *