The flaw can be exploited just by sending a malicious email to the victim.
Researchers atQualysdisclosed the flaw on Tuesday after many of the Linux distributions had released a patch for the flaw.
The flaw has been assigned vulnerability id CVE-2015-0235.
The Ghost Flaw
The Ghost vulnerability is present in the GNU C Library known as glibc.
Glibc is the C library that defines system calls in Linux.
The bug was first discovered to appear in in glibc in 2000.
Qualys says that it was fixed on May 21, 2013 in the versions between 2.17 and 2.18.
Now while doing a code audit, Qualys found the Ghost flaw in glibc.
The flaw in Glibc exposes abuffer overflowthat can be triggered locally and remotely in the gethostbyname functions.
Once they get remote access they can hijack the machine.
Qualys says that the PoC succeeded in bypassing all existing protection systems on both 32-bit and 64-bit systems.
Websense state that they had not seen any web-based or email-based exploitation of this flaw as of today.
However the flaw has been deemed as critical by Websense.
you’re able to check whether you machine is vulnerable to Ghost vulnerability by visiting the GitHubhere.
source: www.techworm.net
