How to protect your Linux server against the GHOST vulnerability (CVE-2015-0235)

Last updated on 06 Sept 2023, 13:18:34.
Category: Cloud servers


What is the GHOST exploit?

On January 27, 2015, it was disclosed that glibc has a buffer overflow bug in the gethostbyname() functions (hence the name GHOST).

Just like Shellshock or Heartbleed, this is a critical bug and the impact on Linux servers is huge.

The GHOST vulnerability only affects Linux servers using a version of the GNU C library (glibc) older than 2.18. Systems using an unpatched version of glibc from version 2.2 (not 2.20!) to 2.17 are at risk. The following Linux distributions may be at risk and should be tested:

  • CentOS 6 & 7
  • Debian 7
  • RHEL (Red Hat Enterprise Linux) 6 & 7
  • Ubuntu 10.04 & 12.04
  • End of Life Linux distributions (e.g. CentOS 5)

We therefore recommend that you check whether your server is subject to this bug, install the necessary fixes and restart the server.

You can check whether your server is vulnerable to GHOST as follows:

How to check your server?

The easiest and fastest way to find out whether your server is impacted is to check the version of glibc on your server. We go over how to do this on Debian, Ubuntu, RHEL and CentOS.
Note that this check only covers the system-wide GNU C library, not self-compiled packages.

Debian and Ubuntu servers

Verify the version of glibc by checking the version of ldd (ldd uses glibc):

ldd --version

The output will show you the version of eglibc, the glibc variant used by Debian and Ubuntu:

ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13
Copyright (C) 2011 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

In our example, the version is 2.13-38+deb7u7, shown in parentheses on the first line. If the version on your server is greater than or equal to one of the following, your server is not vulnerable to GHOST.

  • Ubuntu 12.04: 2.15-0ubuntu10.10
  • Ubuntu 10.04: 2.11.1-0ubuntu7.20
  • Debian 7: 2.13-38+deb7u7

If your version is OLDER than the above, please upgrade your server (see below).

RHEL and CentOS servers

The easiest way to check the version of glibc is by using rpm:

rpm -q glibc

The output contains the version number of the package:

glibc-2.12-1.132.el6_5.3.x86_64

In this example, the version is 2.12-1.132. If the version you get back is more recent than or equal to one of the versions below, your server is not vulnerable to GHOST.

  • CentOS 6: glibc-2.12-1.149.el6_6.5
  • CentOS 7: glibc-2.17-55.el7_0.5
  • RHEL 5: glibc-2.5-123.el5_11.1
  • RHEL 6: glibc-2.12-1.149.el6_6.5
  • RHEL 7: glibc-2.17-55.el7_0.5

If your version is OLDER than the above, please upgrade your server (see below).
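The comparison described in both check sections above can be scripted. The following is an added example, not part of the original article: it compares a package version against the fixed versions listed above. The release keys (debian7, centos6, ...) and function names are made up for this example, and it assumes GNU `sort -V` is available and that the Debian/Ubuntu package is named libc6.

```shell
#!/bin/sh
# Added example: compares a glibc package version with the first fixed
# version listed in this article. Ordering uses GNU `sort -V`, which
# approximates dpkg/rpm ordering well enough for these version strings.

# fixed_version <release-key>: keys are names made up for this example.
fixed_version() {
    case "$1" in
        ubuntu12.04)   echo "2.15-0ubuntu10.10" ;;
        ubuntu10.04)   echo "2.11.1-0ubuntu7.20" ;;
        debian7)       echo "2.13-38+deb7u7" ;;
        centos6|rhel6) echo "2.12-1.149.el6_6.5" ;;
        centos7|rhel7) echo "2.17-55.el7_0.5" ;;
        rhel5)         echo "2.5-123.el5_11.1" ;;
        *)             return 1 ;;
    esac
}

# ghost_status <release-key> <installed-version>
# Prints "patched", "vulnerable" or "unknown".
ghost_status() {
    [ -n "$2" ] || { echo "unknown"; return 0; }
    fixed=$(fixed_version "$1") || { echo "unknown"; return 0; }
    # The lower of the two versions sorts first; if that is the fixed
    # version, the installed one is equal or newer.
    lowest=$(printf '%s\n%s\n' "$fixed" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo "patched"; else echo "vulnerable"; fi
}

# installed_glibc: version-release of the system glibc package, if any.
installed_glibc() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libc6 2>/dev/null | head -n 1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null | head -n 1
    fi
}

# Usage: sh ghost_check.sh debian7   (without an argument nothing is printed)
if [ -n "${1:-}" ]; then
    ghost_status "$1" "$(installed_glibc)"
fi
```

On Debian and Ubuntu, `dpkg --compare-versions` gives the authoritative ordering if a version string falls outside the simple cases shown here.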

How to fix the vulnerability?

The fastest and easiest way to upgrade the version of glibc is by using the package manager of your Linux distribution, for example apt-get or yum.

Debian and Ubuntu: apt-get

For Debian and Ubuntu servers, we recommend upgrading your server to the latest version via apt-get dist-upgrade:

apt-get update && apt-get dist-upgrade

Follow the steps and after installation - this may take a while - restart your server. Then check again (see above) if the glibc version is correct.

CentOS and RHEL: yum

Updating glibc is fastest via yum:

yum update glibc

Follow the steps and after installation - this may take a while - restart your server. Then check again (see above) if the glibc version is correct.

