Severe Glibc Flaw Puts Every Linux Machine in Danger
By Jennifer LeClaire / CRM Daily
Glibc, also known as the GNU C Library, is carrying a critical vulnerability. Glibc is used as the C library in the GNU system and in GNU/Linux systems, as well as many other systems that tap Linux as the kernel.

The widespread use of glibc puts every Linux machine at risk of remote code execution, which means a hacker can plant and run code on a machine from a remote computer. The bug has been patched.

During a debugging project, a Google engineer randomly discovered a segmentation fault every time he tried to connect to a specific host. A segmentation fault occurs when a program tries to read or write an illegal memory location, and it causes the program to crash, according to Indiana University.

“Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though,” Fermin Serna, staff security engineer, and Kevin Stadmeyer, technical program manager at Google, wrote in a blog post. “If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”

What Happened?

According to Google researchers, the glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the “getaddrinfo()” library function is used. Attackers can use domain names and DNS servers to exploit the flaw, or launch man-in-the-middle attacks. A man-in-the-middle attack is when an attacker secretly relays and sometimes alters communications between two people or parties who believe they are talking directly to one another.

However, although remote code execution is possible, it’s not especially easy. An attacker would have to find a way to get around the security mitigations the system contains, such as ASLR. ASLR stands for address space layout randomization, which security firm Symantec defines as a prophylactic security technology aimed at reducing the effectiveness of exploit attempts.

“Google has found some mitigations that may help prevent exploitation if you are not able to immediately patch your instance of glibc. The vulnerability relies on an oversized (2048+ bytes) UDP or TCP response, which is followed by another response that will overwrite the stack,” the researchers wrote. “Our suggested mitigation is to limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as to ensure that DNS queries are sent only to DNS servers, which limit the response size for UDP responses with the truncation bit set.”
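
The size check behind that mitigation can be sketched as follows. This is an added example, not code from Google or the glibc project: it inspects a captured DNS message and reports responses at or above the 2048-byte mark the researchers describe, plus UDP responses above a local limit. The 1024-byte limit, the function names and the sample messages are assumptions made for illustration.

```python
import struct

OVERSIZE_BYTES = 2048   # from the article: the flaw relies on a 2048+ byte response
UDP_LIMIT = 1024        # assumed local policy for the largest UDP answer accepted


def inspect_dns_response(payload, transport, udp_limit=UDP_LIMIT):
    """Return finding codes for one DNS message; an empty list means no finding.

    payload: the UDP datagram body, or for TCP the 2-byte length prefix + message.
    Only the header and the size are examined; records are not parsed.
    """
    findings = []
    message = payload
    if transport == "tcp":
        if len(payload) < 2:
            return ["MALFORMED"]
        (declared,) = struct.unpack("!H", payload[:2])
        message = payload[2:]
        if declared != len(message):
            findings.append("TCP_LENGTH_MISMATCH")
    if len(message) < 12:               # a DNS header is always 12 bytes
        return findings + ["MALFORMED"]
    (flags,) = struct.unpack("!H", message[2:4])
    if not flags & 0x8000:              # QR bit clear: a query, not a response
        return findings
    if len(message) >= OVERSIZE_BYTES:
        findings.append("OVERSIZED")
    if transport == "udp" and len(message) > udp_limit:
        # A size-limiting upstream would have cut this answer and set the TC bit.
        findings.append("UDP_OVER_LIMIT")
    return findings


def make_message(flags, size):
    """Constructed sample: a DNS header padded with zero bytes to `size` bytes."""
    return struct.pack("!HHHHHH", 0x1234, flags, 0, 0, 0, 0) + b"\x00" * (size - 12)


def tcp_frame(message):
    """Prefix a message with its 2-byte length, as DNS over TCP does."""
    return struct.pack("!H", len(message)) + message


if __name__ == "__main__":
    samples = [
        ("udp", make_message(0x8180, 512)),              # ordinary answer
        ("udp", make_message(0x8180, 3000)),             # oversized UDP answer
        ("tcp", tcp_frame(make_message(0x8180, 2100))),  # oversized TCP answer
    ]
    for transport, payload in samples:
        print(transport, len(payload), inspect_dns_response(payload, transport))
```
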

Seeing a Ghost

In July, glibc was the victim of what is now known as the Ghost bug. That vulnerability was caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow condition happens when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer, according to OWASP, an open source software security company.

Major Linux distributors rated the Ghost vulnerability critical. The flaw allowed remote attackers to take complete control of the compromised system without any prior knowledge of system credentials, according to Symantec.

“The first vulnerable glibc version (2.2) was released in November 2000,” Symantec said in a blog post last month. “Most stable and long-term support distributions were left exposed until now because the vulnerability was not recognized as a security threat.”

Image credit: Screenshot of GNU operating system via GNU.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.