RealTime IT News

The GHOST in the Linux Machine? Busted

There isn't all that much reason to be afraid of the GHOST (gethostbyname) CVE-2015-0235 vulnerability in the open-source Linux GNU C Library (glibc) - is there?

The GHOST vulnerability was publicly disclosed (http://www.openwall.com/lists/oss-security/2015/01/27/9) by security vendor Qualys on an open-source security mailing list on January 27. While the vulnerability dis

"During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc)," the advisory warns. "This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it -- and its impact -- thoroughly, and named this vulnerability 'GHOST'."

While Qualys' disclosure about the vulnerability is new, and the flaw has a shiny new CVE number too (CVE-2015-0235), by Qualys' own admission the bug was fixed on August 12, 2013 in the glibc-2.18 update.

So what's the problem?

Read the full story at eWEEK:
GHOST Bug Not New, but Can Haunt Older Linux Versions

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.