Recently, a security loop hole named Ghost Vulnerability has been found haunting Linux operating systems. This vulnerability lets a hacker gain complete control over the compromised system. Given that Linux is popular with smartphones and servers, we believe it can be a serious threat to businesses. Like Shellshock and Heartbleed, the new vulnerability has a far reaching impact due to the vulnerable code’s pervasiveness.
Effect on open source community
Ghost Vulnerability isn’t a design flaw, but is an implementation problem in the affected versions of the software. The discovery of this vulnerability shouldn’t be seen as drawback. Rather, it shows the strength of the open source community. Today, many enterprises opt for open source software over proprietary software for everything ranging from cloud computing to facilitating team work for remote workers. Since the community is constantly involved, they are diagnosing solutions and resolving issues quickly.
Consider the efficiency and speed with which market players released patches. Within a week, top Linux enterprise-class distributions were ready with a solution. This iterates that open source can be just as secure, if not more, than a proprietary solution. An open source code’s transparency offers security validation for end-users, instilling a sense of trust that proprietary software cannot offer. The enterprise-class distributors also ensure that the critical security fixes and important stability updates from the newer versions are ported to older versions of a given application that the Linux distribution includes.
What’s the risk?
As the Ghost Vulnerability can be exploited both locally and remotely, it becomes easy for a hacker to gain complete control over the compromised system. What makes this worse is, an attacker can bypass almost every protection layer on both 32-bit and 64-bit systems without system credentials, leaving server prone to all kind of brand and financial damage. This security hole must be patched as soon as possible.
knowing the Ghost Vulnerability
The spooky name comes from the system functions where the vulnerable code was found – Ghost Vulnerability exploits a library’s GetHOST functions. The good news is that this bug doesn’t exist on every computer but only in versions of a software module called ‘glibc’, short for GNU C library. It basically affects Linux glibc on versions prior to glibc-2.18. Most computers don’t have glibc installed because it is not used by default on Windows, OS X, iOS or Android. However, computers that run on Linux use glibc and are highly likely to be at risk. Many Linux distributions including, but not limited to Debian 7, CentOS 6 and 7, Ubuntu 10.04 and 12.04, Red Hat Enterprise Linux 6 and 7, and End of Life Linux Distributions may be affected.
How it affects an OS
Ghost vulnerability is connected with network names and numbers. With a buffer overflow in glibc, an attacker can exploit the bug even from a remote location with gethostbyname*() functions. Now that the DNS resolver and application are connected, it becomes easier to get an IP address from a hostname. This enables hackers to remotely take control of systems without even knowing any system IDs or passwords. It lets attackers take control over victim’s Linux and Unix system running on versions prior to glibc-2.18.
Mitigating Risks
The best way to mitigate the risk is to apply a patch from your Linux vendor. If you have any Linux-based systems, including home firewalls and routers, first check if you need a patch with your vendor and apply it. Many security providers are now providing an IG scanner, which will subsequently detect the vulnerability and help enterprises monitor and defend assets. Customers get automated alerts through upgraded Web scanning tools that help monitor and defend their server assets. Patching is mandatory the scanner solutions help raising the visibility, discovery and awareness of assets that needs to be patched and not a replacement to the fix itself.
You can update your glibc version using a default package manager for OS. For this, you would need to contact your license vendor and apply for a patch to solve the issue. Once the system is updated, check for the glibc version once again to ensure that it has been resolved. Even as enterprises take measures to mitigate their risks, security solution providers must constantly review the developments on GHOST vulnerability and come up with relevant updates when required.
By Ashish Tandon
Chairman and CEO, Indusface