The GHOST Vulnerability
Description
CVE-2015-0235, known as GHOST, is a heap-based buffer overflow vulnerability in the GNU C Library (glibc) affecting the __nss_hostname_digits_dots() function. This flaw can be triggered through the gethostbyname*() family of functions, which are commonly used for DNS hostname resolution. The vulnerability affects glibc versions 2.2 through 2.17 and can be exploited both locally and remotely without authentication. Applications that perform hostname lookups, including web services, mail servers, and various network applications, may be vulnerable to exploitation.
Remediation
Immediately update the GNU C Library to version 2.18 or later, which contains the fix released on May 21, 2013. Follow these steps to remediate:
1. Identify affected systems running glibc versions 2.2 through 2.17 using the command:
ldd --version
2. Apply security patches provided by your Linux distribution vendor (Red Hat, Ubuntu, Debian, SUSE, etc.) through your package manager
3. Restart all services and applications that depend on glibc, or perform a complete system reboot to ensure the updated library is loaded
4. Verify the patch installation by confirming the glibc version is 2.18 or higher
5. Review system logs for any suspicious hostname resolution activity that may indicate prior exploitation attempts
For systems that cannot be immediately patched, implement network-level controls to restrict untrusted hostname resolution requests and monitor for exploitation attempts.
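The version check from steps 1 and 4 and the restart check from step 3, as an added shell example that is not part of the original advisory; the function names are hypothetical. A distribution package can carry the fix while keeping an older upstream version number, so an in-range result means "confirm against the vendor advisory".

```sh
#!/bin/sh
# Added example, not from the original advisory. Function names are hypothetical.

# Exit 0 if an upstream glibc version lies in the range the advisory lists
# (2.2 through 2.17), 1 if it is outside that range, 2 if it cannot be parsed.
# Note: vendors may backport the fix without changing this number, so a match
# means "confirm against the vendor advisory", not "certainly unpatched".
glibc_in_ghost_range() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in '') return 2 ;; esac
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Print the PID of every process whose memory map still references a libc
# file that was replaced on disk (the kernel marks it "(deleted)").
# $1 is the proc root; it defaults to /proc and exists so a fixture can be used.
stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Report for the local host. Run as root to see other users' processes.
ver=$(ldd --version 2>/dev/null | head -n 1 | awk '{print $NF}')
if glibc_in_ghost_range "$ver"; then
    echo "glibc $ver is within 2.2-2.17: confirm patch status with your vendor"
fi
stale_libc_pids | while read -r pid; do
    echo "PID $pid still maps a replaced libc: restart it"
done
```

Any PID it prints belongs to a process started before the update that is still executing the old library code until it is restarted.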