Linux systems have to be patched for latest Ghost vulnerability

Do you have Linux on your systems? If so, your security team should pay attention to a security warning from Google last month about another critical vulnerability in the glibc library similar to the Ghost bug found a year ago and affects all versions of glibc since 2.9.

It has to be patched, says Koen Van Impe, warns a security analyst at the Belgian national computer security incident response team.

The first vulnerability was found in the gethostbyname() function, he writes, while the so-called Ghost 2.0, is found in the getaddrinfo() function. Both functions are related to DNS lookups, and the bugs create buffer overflows.

And while many systems ostensibly don’t do DNS queries, Van Impe notes, it isn’t hard to force a system to do one. Therefore, he argues, all systems — both client and server — that use Linux are affected.

“There are no system credentials needed to exploit these vulnerabilities,” he writes. “Potential exploitation happens via a local or remote network connection.”

It is a good practice for CISOs to ensure all systems use a specific central resolver and block all other outgoing DNS traffic that doesn’t pass through it, Van Impe writes, and he gives a couple of good reasons why.

Patch management has long been a trying task for infosec teams, and it’s not going to get better. Last month, for example, I reported that Hewlett-Packard Enterprises’ latest cyber threat report found the most exploited bug in 2015 was a Windows Shell vulnerability (CVE-2010-2568) that was discovered along with a patch issued in 2010 — and patched again in early 2015.

Finally, remember this advice a consultant told me: “The vast majority of companies are approaching patching in the wrong way,” says Brand. “It’s few and far between where corporations are thinking about patching form a risk and prioritization basis, as opposed to ‘we just need to patch everything within 30 days’ and they waste all these cycles (of time) patching and testing. It’s the exception and not the norm.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now