New critical GLibc vulnerability discovered

Googles online security research team has discovered a new vulnerability which affects glibc versions from 2.9 and higher. The glibc DNS client side resolve is vulnerable to a stack based buffer overflow when the getaddrinfo() library function is used. This function performs domain-name lookups, the buffer overflow bug allows attackers to execute malcious codes.

How it can affect your system depends on many factors but if you run any of these versions you should definitely update as soon as possible. The maintainers of glibc have already released an update that patches the vulnerability.

Determining vulnerability

The easiest way to check for the vulnerability is the Red Hat Access Lab: glibc (GHOST) Detector. Make sure that you have installed the correct version. When your system is affected you should reboot the system or restart all affected services. This vulnerability can affect a large amount of applications, so the safest way is to restart the system just to be sure that the updated glibc version is installed on every application.

If you are not able to restart your system after your update, you can execute the following command to list all running processes that are still using the old version of glibc.

lsof +c0 -d DEL | awk ‘NR==1 || /libc-/ {print $2,$1,$4,$NF}’ | column -t

The result list will help you to identify the public-facing services and restart them.