Skip to main content
BlogCloud OverviewsThe GHOST Vulnerability

The GHOST Vulnerability

Heads up everybody – a Linux vulnerability known as GHOST (CVE-2015-0235), discovered by Qualys, has recently been publicized. This particular vulnerability is a nasty one, since it allows for remote code execution.

The vulnerability has been exhaustively documented in this Security Advisory, which you may find interesting. In short, the vulnerability exists within glibc in __ns_hostname_digits_dots(), which deals with hostname resolution via the gethostbyname() call.

Am I Vulnerable?

Yes, most likely. In order to address this, you’ll want to ensure that you have updated and rebooted your systems.

Debian and Ubuntu have updated packages for their supported distributions. Run apt-get update && apt-get dist-upgrade to bring your system up to date, and then reboot to ensure no references to the old libraries still exist.

For other popular distributions, please follow their equivalent steps for upgrading packages.  For more information, you can follow our GHOST guide.

Is Linode Infrastructure vulnerable?

No. Our Security Team has worked to protect our infrastructure from this vulnerability and we have taken the appropriate steps to address this issue on all of our systems.

Comments (9)

  1. Author Photo

    My server is running Ubuntu 12.04.1 do I need to upgrade in order for this to be fixed or will it be in the repo’s?

  2. Author Photo

    You shouldn’t need to upgrade to a new version of Ubuntu, simply updating through your package manager, then rebooting, will suffice for addressing this issue.

  3. Author Photo

    I run musl-libc so wasn’t vulnerable. You glibc plebs… poor sods.

  4. Author Photo

    My linode is running on CentOS 6.4. I have updated the glibc package with yum manager but still the version showing is 2.12 after update. I run some script to check the whether the server is affected by ghost. the system showing is vulnerable.. how to fix ..let me know..

  5. Author Photo

    A practical thing (hope it could be helpful for anyone). You don’t need to reboot the whole server after updating. If you are not able to do reboot — use this cmd which relaunchs only several applications that actually use vulnerable glibc:

    for s in $(lsof | grep libc | awk ‘{print $1}’ | sort | uniq); do if [[ -f “/etc/init.d/$s” && “$(ps aufx | grep -v grep | grep $s)” ]]; then echo $s; service $s restart; fi; done

    From: http://blog.wallarm.com/post/109402223343/ghost-a-brief-recap-of-what-you-need-to-know

  6. Author Photo

    @Jonathan Leal – You don’t need to restart your server, typing execute ‘lsof | grep libc | awk ‘{print $1}’ | sort | uniq’ and it’s enough.

  7. Author Photo

    Thanks for the quick response and posting about this, Linode. 🙂

  8. Author Photo
  9. Author Photo

    The above lsof commands have a problem!!! They only return the first 9 characters of the command name.

    $ lsof | grep libc | grep redis
    redis-ser 3303….

    vs:

    lsof +c 0 | grep libc | grep redis
    redis-server 3303

    You may well miss services that need to be restarted without “+c 0”

Leave a Reply

Your email address will not be published. Required fields are marked *