Who's afraid of GHOSTs? Disagreement over the potential risks of a new Linux vulnerability, but layered defence is recommended.
Security vendor Qualys has disclosed and documented a new critical vulnerability in the GNU C Library (glibc, versions 2.2 and newer) that can lead to remote code execution in some cases. The flaw could give an attacker control over user devices and system installations dating back to the year 2000.
Known formally as CVE-2015-0235, the threat is more jauntily named GHOST because it can be triggered through the gethostbyname() function, a standard name-resolution routine used by a vast number of networked programs.
Qualys CTO Wolfgang Kandek has said that the flaw could allow attackers to gain remote control of a system without any prior knowledge of its credentials. An attacker could send a simple email to a Linux-based system to trigger a buffer overflow and automatically gain complete access to that machine.
Danger disclosure dilemma
Szilard Stange, director at software management toolkit and malware scanning company Opswat, asserts that vulnerabilities like this call into question exactly how we as an industry handle the wider disclosure process. This is because, according to Opswat's investigation, many distributions, such as the latest long-term-support release of Ubuntu, were not affected by this vulnerability at all.
“Many distributions [had] released an update to the vulnerable software about a week before the publication date and many others released updates on the same day, like Red Hat and Debian. All the updates were released as a result of the coordination of the disclosure process. We can say that all major Linux distributions had the fix released on the same day as the security advisory release,” Stange told SCMagazineUK.com.
Read more:
http://www.scmagazineuk.com/ghostbusting-in-the-critically-vulnerable-linux-machine/article/395105/