Vendors patch 15-year-old critical Linux vuln
Flaw could be exploited to allow remote code execution and complete control of the target, say researchers
Linux vendors have released patches for their systems in response to an undisclosed 15-year-old vulnerability that allows remote code execution on affected machines, online media reported.
Cyber-sec specialist Qualys discovered the flaw, which could lead to complete control of a target machine if left unchecked. The flaw is known as GHOST, as it is triggered by the "gethostbyname" function.
The vulnerability affects any machine running a version of the GNU C library (glibc) from 2.2 onwards, dating the flaw back to November 2000, according to TechTarget.
While the flaw was fixed in the library in May 2013, Linux vendors did not patch systems because the problem had not been flagged as a security threat, Qualys explained in a blog post. Affected distributions include Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04.