On Tuesday, Akamai learned about and published a blog post highlighting a public vulnerability in the GNU C Library that could be exploited and used to take remote control of vulnerable Linux systems. Today, following our internal investigation, we have some additional information to share.
How Is Akamai protected?
Akamai's engineers have examined the primary software components that power the Akamai platform and to date have found they are not exposed to this flaw. Regardless, we are exercising caution and are patching older deployments of glibc. We recommend that other members of the Akamai community follow suit.
How can Akamai help protect my business?
Akamai Cloud Security products can provide partial protection against the glibc GHOST vulnerability, for example, by inspecting and filtering parameters sent in URL, header fields, or POST body to your application.
Today, we have defined and deployed protections for some customers to check and limit the length of HTTP headers like X-Forwarded-For, Referer, and Via in order to deliver this protection.
Finally, providing this protection requires deep knowledge of your application and its input space, including which portions of the HTTP request might eventually make their way into a gethostbyname call.
Please work directly with your Akamai Professional Services representative to define an appropriate Kona custom rule or other mitigation.