Home / / Vendors patch 15-year-old critical Linux vuln

Vendors patch 15-year-old critical Linux vuln

Flaw could be exploited to allow remote code running, total-access control of target, say researchers

Vendors patch 15-year-old critical Linux vuln

Linux vendors have released patches for their systems in response to an undisclosed 15-year-old vulnerability that allows remote code-running on infected machines, online media reported.

Cyber-sec specialist Qualys discovered the flaw, which could lead to complete control of a target machine if left unchecked. The flaw is known as GHOST, as it is triggered by the "gethostbyname" function.

The vulnerability affects any machine running a version of the GNU C library (glibc) from 2.2 onwards, dating the flaw back to November 2000, according to TechTarget.

While the flaw was fixed in the library was fixed in May 2013, Linux vendors did not patch systems because the problem had not been flagged as a security threat, Qualys explained in a blog post. Deployment bundles affected include Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.