Last updated on 06 Sept 2023, 13:18:34.
Category:
Cloud servers
On January 27, 2015, a heap-based buffer overflow in the gethostbyname() family of functions of the GNU C library (glibc) was disclosed as CVE-2015-0235, hence the name GHOST.
Just like Shellshock or Heartbleed, this is a critical bug with a large impact on Linux servers: a crafted hostname passed to these functions, for example by a remote client to a mail server that resolves the name it was given, triggers the overflow, so it is reachable without local access.
The GHOST vulnerability affects Linux servers whose GNU C library is older than glibc 2.18. Systems using an unpatched version of glibc from version 2.2 (not 2.20!) up to and including 2.17 are at risk. Note that distributions usually backport the fix without changing the upstream version number, so a patched 2.13 or 2.17 package is safe while an unpatched one is not; it is the distribution package version that counts. The following versions of Linux may be at risk and should be tested:
We therefore recommend that you check whether your server is subject to this bug, install the necessary fixes and restart the server.
You can check whether your server is vulnerable to GHOST as follows:
The easiest and fastest way to find out whether your server is affected is to check the version of glibc on your server. We go over how to do this on Debian, Ubuntu, RHEL and CentOS.
Note that this check only covers the system-wide GNU C library: self-compiled copies of glibc, chroots and containers with their own libc, and statically linked binaries that bundle glibc have to be checked separately.
On Debian and Ubuntu, verify the version of glibc by checking the version of ldd (ldd is part of glibc and reports its version):
ldd --version
The output shows the version of eglibc, the glibc variant used by Debian 7 and the Ubuntu releases of that time (newer releases print GLIBC instead; the check is the same):
ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
In our example, the package version is the part in parentheses, 2.13-38+deb7u7; the trailing 2.13 is only the upstream glibc release and does not tell you whether the fix was backported. If the package version on your server is greater than or equal to one of the following, you are not affected by the GHOST vulnerability.
If your version is OLDER than the above, upgrade your server (see below).
On RHEL and CentOS, the easiest way to check the version of glibc is with rpm:
rpm -q glibc
You will see output like the following, containing the package version number:
glibc-2.12-1.132.el6_5.3.x86_64
In this example the package version is 2.12-1.132.el6_5.3. If the version you get back is more recent than or equal to one of the following, you are not affected by the GHOST vulnerability.
If your version is OLDER than the above, upgrade your server (see below).
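The version check above tells you what the package manager installed, not what a given binary actually links against, and it says nothing about a self-compiled or bundled glibc. A runtime check closes that gap. The program below is an added example, not code from the original page; it is adapted from the canary test that the Qualys advisory for CVE-2015-0235 published. It calls gethostbyname_r() with an all-digit name and a 1024-byte buffer sized so that the buggy size computation (which forgets the h_alias_ptr term) accepts the buffer and then writes one pointer past its end, into a canary placed directly behind it. A patched glibc includes the missing term, finds the buffer too small and returns ERANGE instead. The enum names and the ghost_check()/ghost_probe_length() helpers are this example's own.

```c
/* Added example (not from the original page): runtime check for GHOST,
 * CVE-2015-0235, adapted from the canary test in the Qualys advisory.
 * Build with:  cc -o ghost ghost.c   and run ./ghost on the host to test. */
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

enum ghost_result {
    GHOST_NOT_VULNERABLE = 0,   /* patched glibc rejected the buffer (ERANGE) */
    GHOST_VULNERABLE = 1,       /* canary behind the buffer was overwritten */
    GHOST_UNEXPECTED = -1       /* neither; e.g. not a glibc system at all */
};

/* Scratch buffer handed to gethostbyname_r(), with a canary immediately
 * after it. Keeping both in one struct guarantees they are adjacent. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

/* Length of the digits-only name for which glibc's size_needed equals buflen
 * when the h_alias_ptr term is missing (the bug) and exceeds it by one pointer
 * when the term is present (the fix):
 *   16 bytes host_addr_t, 2 pointers h_addr_ptrs, 1 byte trailing NUL. */
size_t ghost_probe_length(size_t buflen)
{
    return buflen - 16 * sizeof(unsigned char) - 2 * sizeof(char *) - 1;
}

enum ghost_result ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];
    size_t len = ghost_probe_length(sizeof(temp.buffer));

    /* A name consisting only of digits takes the __nss_hostname_digits_dots
     * path where the overflow lives; no DNS query is ever sent. */
    memset(name, '0', len);
    name[len] = '\0';
    memcpy(temp.canary, CANARY, sizeof(CANARY));   /* fresh canary per call */

    int retval = gethostbyname_r(name, &resbuf, temp.buffer,
                                 sizeof(temp.buffer), &result, &herrno);

    /* Unpatched glibc: the out-of-bounds write lands on the canary. */
    if (strcmp(temp.canary, CANARY) != 0)
        return GHOST_VULNERABLE;
    /* Patched glibc: the corrected size check refuses the buffer. */
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    /* Anything else proves nothing either way; report it separately. */
    return GHOST_UNEXPECTED;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("vulnerable");
        return EXIT_SUCCESS;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable");
        return EXIT_SUCCESS;
    default:
        puts("should not happen");
        return EXIT_FAILURE;
    }
}
```

Run it as an unprivileged user; it needs no network. Because the test links against whatever libc the compiler's default toolchain uses, run it inside each chroot or container you care about, and remember that a "not vulnerable" result still leaves already-running processes on the old library until they are restarted.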
The fastest and easiest way to upgrade glibc is with your distribution's package manager, e.g. apt-get or yum.
For Debian and Ubuntu servers, we recommend refreshing the package lists and upgrading via apt-get dist-upgrade:
apt-get update && apt-get dist-upgrade
Follow the steps and, after the installation (this may take a while), restart your server: every process that was already running keeps the old copy of glibc mapped in memory until it is restarted, so a reboot is the simplest way to be sure nothing still uses the vulnerable library. Then check again (see above) that the glibc version is correct.
On RHEL and CentOS, updating glibc is fastest via yum:
yum update glibc
Follow the steps and, after the installation (this may take a while), restart your server so that no running process keeps the old glibc loaded. Then check again (see above) that the glibc version is correct.
Were not all your questions answered?
Don't worry, we will be happy to help you via a support request!