Researchers have discovered a serious vulnerability affecting multiple distributions of the Linux OS. While there are patches available the clean up effort is likely to going be a major task for Linux admins.
A round of patches were released today to fix a critical Linux bug, dubbed GHOST, which is a remotely exploitable flaw in Linux distributions and could allow an attacker to take control of a vulnerable Linux machine.
The bug was discovered during a code review by vulnerability management firm Qualys. The company said that it had developed a proof of concept (PoC) attack “in which we send a specially created e-mail to a mail server and can get a remote shell to the Linux machine”. In other words, the risk will become very real when the company releases the exploit, which it plans to do in coming months.
The reason they’ve called the bug GHOST, which has been assigned CVE-2015-0235, is that it can be triggered by GetHOST functions.
Source:
http://www.cso.com.au/article/564898/remotely-exploitable-ghost-bug-strikes-all-linux-distros/
