A public vulnerability in the GNU C Library that could be exploited to take remote control of vulnerable Linux systems was recently disclosed. Akamai is aware of this disclosure and is currently evaluating its exposure to this vulnerability, if any.
Specifically, the problem is a heap-based buffer overflow in the glibc's __nss_hostname_digits_dots() function used in gethostbyname() and gethostbyname2() glibc function calls. The vulnerability, commonly known as "Ghost" in the media, affects Linux systems.
Here are some excerpts from information that is publicly available:
- According to the Red Hat Bugzilla advisory, an attacker could remotely exploit this condition to make an application call either of these functions. In the process, the attacker could launch malicious code with the permissions of the user running the application.
- Threatpost published a report on the vulnerability this morning, having this to say: "The vulnerability, CVE-2015-0235, has already been nicknamed GHOST because of its relation to the _gethostbyname function. Researchers at Qualys discovered the flaw, and say it goes back to glibc version 2.2 in Linux systems published in November 2000."
- The issue was first reported Tuesday by security vendor Qualys. In a separate advisory, Qualys researchers said they stumbled upon the vlnerability during an internal code audit. "We discovered a buffer overflow in the __nss_hostname_digits_dots() function of the GNU C Library (glibc)," Qualys said in the advisory. "This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it -- and its impact -- thoroughly, and named this vulnerability GHOST."
The issue has so far been addressed in several popular Linux distributions.