GLIBC GHOST :: glibc vulnerability (CVE-2015-0235)

Recently, an another vulnerability found in “Glibc” under CVE-2015-0235. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Why the name GHOST?

It’s not a GHOST 🙂 GHOST is a ‘buffer overflow’ bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library.

Solution:

Update the Glibc version by using YUM. Here is the command:

yum update glibc 

Updated versions:
For CloudLinux 5 : glibc-2.5-123.el5_11.1
For CloudLinux 6 : glibc-2.12-1.149.el6_6.5

Then restart the services which using this funtions.

Exim, Apache, LiteSpeed, Nginx, cPanel, PostgreSQL, OpenSSH, Postfix/sendmail etc

Or reboot the server.

That’s it!!

Arunlal Ashok

Linux Server Administrator. I'm dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *