Linux distros quickly patch critical 'Ghost' vulnerability

Major distributors of the Linux operating system today released patches for a newly-discovered vulnerability that could allow hackers to gain remote control of user systems.

The previously undisclosed vulnerability, dubbed "Ghost", was rated critical as it can be exploited to give attackers remote control over systems without requiring system IDs or passwords.

The buffer overflow flaw - which resides in the Linux GNU C Library (glibc) - was discovered by cloud security firm Qualys, which alerted the major Linux distributors soon after the discovery in order for patches to be released.

The vulnerability has been named 'Ghost' because it is triggered by glibc's gethostbyname functions.

An attacker can exploit the gethostbyname() and gethostbyname2() functions by triggering a buffer overflow flaw in both.The Ghost vulnerability allows attackers to remotely execute any code on servers, with the privileges of the logged in user.

"Ghost poses a remote code execution risk that makes it incredibly easy for an attacker to exploit a machine. For example, an attacker could send a simple email on a Linux-based system and automatically get complete access to that machine," Wolfgang Kandek, Qualys's CTO, said in a statement.

"Given the sheer number of systems based on glibc, we believe this is a high severity vulnerability and should be addressed immediately. The best course of action to mitigate the risk is to apply a patch from your Linux vendor."

Qualys said it had written proof-of-concept code to carry out the code execution attack, and successfully bypassed all existing exploit protections on both 32-bit and 64-bit systems.

Qualys director of engineering Amol Sarwate said he was not aware of any cases in which the Ghost vulnerability had been exploited in the wild, but said motivated hackers would be able to figure out how now that the bug has been disclosed.

"We were able to do it. We think somebody with good security knowledge would also be able to do it," he said.

Top Linux provider Red Hat recommended customers update their systems "as soon as possible to mitigate any potential risk".

Other Linux systems vulnerable to attack include Debian 7 (Wheezy), RHEL 5, 6, and 7, CentOS 6 and 7 and Ubuntu 12.04, according to Qualys.