Linux Security

Patching The Ghost Vulnerability

The Ghost vulnerability, also known as CVE-2015-0235, is an exploit in a library named glibc. This library is referenced by many applications which run on your server.

The exploit is a bug which affects 2 pieces of code which are used to do a DNS lookup, which translates a hostname to an IP address. A hacker could use a well-formed request to execute arbitrary code on your server.

Note: This only applies to self-managed Linux servers. This does not apply to any FreeBSD, or Windows server. This also does not apply to any server on our managed platform.

Luckily, this is a very simple fix and can be done in less than a minute.

Step 1: Update Packages

The glibc and nscd packages will need to be updated.

Please run the appropriate command based on your distribution of Linux. If your distribution is not listed, you can try both of these commands. One of them should work.

CentOS or RHEL:
yum -y update glibc nscd

 

Ubuntu, Gentoo, Debian:
sudo apt-get update glibc nscd

Step 2: Reboot

The only way to be absolutely sure that the vulnerable package is completely removed from your system is to reboot. There are many applications that could be running that will still have the old version of the library loaded. Theoretically you could restart all of these services, however it would be quicker, easier, and safer to reboot your system at a time when your server is not under heavy load.

shutdown -r now

Related Articles

  • Vi Commands 101

    Cursor movement h – move left j – move down k – move up l – move right w – jump by start of words (punctuation considered words) W –...
  • Disable SELinux

    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the Linux kernel. This mechanism adds an extra layer of access security to your files,directories,devices, ports and...
  • Identify the process that is using some specific port

    Sometimes, you may encounter a situation where you see some ports being used by some service, but you cannot exactly determine which application/service is using it. This article talks about how...
  • Scanning for rootkits and possible exploits – RKHunter

    Rootkits are malicious softwares that are installed by intruders to gain access to your server once the security of the server has been breached.  Intruders can leave some malicious softwares...