The GHOST in the Linux Machine? Busted

There isn’t all the much reason to be afraid of GHOST (gethostbyname) CVE-2015-0235 vulnerability in the open-source Linux GNU C LIbary (glibc) – is there?

The GHOST vulnerability was publicly disclosed ( by security vendor Qualys on an open-source security mailing list on January 27. While the vulnerability dis

“During a code audit performed internally at Qualys, we discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc),” the advisory warns. “This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it — and its impact — thoroughly, and named this vulnerability “GHOST”.

While Qualys’ disclosure about the vulnerability is new, and the flaw has shiny new CVE number too (CVE-2015-0235), by Qualys’ own admission the bug was fixed on August 12, 2013 in the glibc-2.18 update.

So what’s the problem?

Read the full story at eWEEK:
GHOST Bug Not New, but Can Haunt Older Linux Versions

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.

News Around the Web