Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 12 MINUTES AGO.
You are here: Home / Computing / Flaw Puts All Linux Machines at Risk
Severe Glibc Flaw Puts Every Linux Machine in Danger
Severe Glibc Flaw Puts Every Linux Machine in Danger
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
17
2016
Glibc, also known as the GNU C Library, is carrying a critical vulnerability. Glibc is used as the C library in the GNU system and in GNU/Linux systems, as well as many other systems that tap Linux as the kernel.

The widespread use of glibc puts every Linux machine at risk of a remote code execution, which means a hacker can plant and run code on a machine from a remote computer. The bug has been patched.

During a debugging project, a Google engineer randomly discovered a segmentation fault every time he tried to connect to a specific host. When a program is trying to read or write an illegal memory location, a segmentation fault causes programs to crash, according to Indiana University.

“Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though,” Fermin Serna, staff security engineer and Kevin Stadmeyer, technical program manager at Google, wrote in a blog post. “If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”

What Happened?

According to Google researchers, the glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the “getaddrinfo()” library function is used. Attackers can use domain names and DNS servers to exploit the hack, or launch man-in-the-middle attacks. A man-in the-middle attack is when an attacker secretly relays and sometimes alters communications between two people or parties who believe they are genuinely talking directly to one another.

However, although remote code execution is possible, it’s not especially easy. An attacker would have to find out a way to get around security mitigations the system contains, like ASLR. ASLR stands for address space layout randomization, which security firm Symantec defines as a prophylactic security technology aimed at reducing the effectiveness of exploit attempts.

“Google has found some mitigations that may help prevent exploitation if you are not able to immediately patch your instance of glibc. The vulnerability relies on an oversized (2048+ bytes) UDP or TCP response, which is followed by another response that will overwrite the stack,” the researchers wrote. “Our suggested mitigation is to limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as to ensure that DNS queries are sent only to DNS servers, which limit the response size for UDP responses with the truncation bit set.”

Seeing a Ghost

In July, glibc was the victim of what is now known as the Ghost bug. That vulnerability was caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. A buffer overflow condition happens when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer, according to OWASP, an open source software security company.

Major Linux distributors rated the Ghost vulnerability critical. The flaw allowed remote attackers to take complete control of the compromised system without any prior knowledge of system credentials, according to Symantec.

“The first vulnerable glibc version (2.2) was released in November 2000,” Symantec said in a blog post last month. “Most stable and long-term support distributions were left exposed until now because the vulnerability was not recognized as a security threat.”

Image credit: Screenshot of GNU operating system via GNU.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN COMPUTING
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.