Vendors patch 15-year-old critical Linux vuln

Flaw could be exploited for remote code execution and complete control of target, say researchers

By  Stephen McBride Published  January 28, 2015

Linux vendors have released patches for their systems in response to a previously undisclosed 15-year-old vulnerability that allows remote code execution on affected machines, online media reported.

Cyber-sec specialist Qualys discovered the flaw, which could lead to complete control of a target machine if left unchecked. The flaw is known as GHOST, as it is triggered by the "gethostbyname" function.

The vulnerability affects any machine running a version of the GNU C library (glibc) from 2.2 onwards, dating the flaw back to November 2000, according to TechTarget.

While the flaw was fixed in the library in May 2013, Linux vendors did not patch systems because the problem had not been flagged as a security threat, Qualys explained in a blog post. Distributions affected include Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04.
