Alert: GHOST Vulnerability

This morning, Qualys announced they found a very large security risk that allows would-be attackers the ability to take complete control of your system even without having any credentials.  In one test, researchers were able to get a command prompt (shell) simply by sending an email.

Luckily, Qualys is a good security company and not a group known to take advantage of others.  However, now that this vulnerability is known, it is not expected to take long for hackers to figure this out either.  Some estimates expect every non-fixed computer to be in a non-working state in less than 6 months.  However, as we all know, there are much worse things than a non-working computer.  This vulnerability can provide access to other things too.

What does GHOST stand for?  Why is this problem called GHOST?

GHOST stands for “Get Host”.  The Get Host functionality is a core feature of all Internet based computers.

It allows a computer to get an IP Address from a name.  For example, www.in-con.com is a name that can be used by this function to get the IP address 50.63.137.227 which is the server that hosts our website.

Ultimately, the Get Host function is implemented in Linux as the function call gethostbyname() and is included in the glibc library.  The glibc library is one of those very low level libraries that just about every application, script, service/daemon, etc. will call at some point in its process.

Without getting too technical, a quick related story may help most understand what is happening.  Try to remember about a vulnerability that occurred in the late 1990’s how web browsers could send a command to the operating system if a link was longer than 512 characters long.  What happened with the web browser was that they thought nobody would make a link longer than 512 characters.  However, when someone would type, or click on, a longer URL, the characters would be written to RAM. However, after 512 “slots” the characters would overwrite whatever had claimed that next area of RAM.  The GHOST vulnerability is very similar.  If someone sends enough characters to an application that in turn calls this function with that information, an overflow problem can occur.

This is happening today because of a side-effect from a global fix back in 2000.  Unfortunately, even when this unwanted  side-effect was found in 2013, it was not labeled as a security problem so most distributions did not address it immediately and others completely ignored it.

As everyone knows, Innovative Concepts helps companies with all their technology needs.  As a result, they are one of the few companies that supports Windows, Apple, and Linux devices.  Of course, most of the Linux servers that are used by their clients are directly managed by Innovative Concepts and are already protected.  However, some of their clients have Mac machines at home which may not even be discussed while at work.  Because of the severity of this issue, Innovative Concepts support staff felt that this blog article should be written and an email sent to all their clients.

Most know that a Windows machine needs Anti-Virus protection.  However, hardly any Mac / Linux owners know that they do too.  Innovative Concepts recommends the AVG product line and can help protect any computer, wireless device, smart phone, or tablet from a virus or any other vulnerability like this one or any of the many more to come.

Who is vulnerable from GHOST?

  • All Linux computers
  • All OS X (Mac) computers
  • Some Windows computers

What should you do?

Make sure your computer is up to date!

All computers these days have an automatic update feature.  This ability, even though automated, can also be run manually.  We recommend manually updating your computer each day for the next week or so.

If you have a Linux or Mac computer, your computer is most likely not updated to fix this.  Apple Computer and the other major Linux distributors are working diligently to provide a fix as quickly as possible.  Since Microsoft Windows is not Linux based, it does not inherently have this vulnerability.  However, since it does have a similar functionality, there is a potential risk for those out-of-date machines.  Remember, Windows XP can no longer be updated and should be replaced!

Yes, for full protection, a reboot is required even on your Mac/Linux machine!

Where can you get more information?

How can you test your computer?

 

Leave a Reply