Deadly Linux Bug Puts Millions Of Systems At Risk, Patch Now Available

17 February 2016, 6:46 pm EST By Vincent Lanaria Tech Times
Millions of Linux systems could be affected by this bug that allows hackers to invade a machine via remote code execution. Get the patch now and steer clear of this issue.

A huge vulnerability in the GNU C Library (glibc) puts millions of systems at risk, giving hackers the opportunity to take control of Linux machines.

In practice, intruders could use remote code execution to steal data from and manipulate Linux computers that are connected to the Internet. They could also spy on those machines.

The vulnerability is tracked as CVE-2015-7547, a stack-based buffer overflow that dates back to the release of glibc 2.9 in 2008. That means virtually anyone running glibc 2.9 or a later version is exposed to attacks.

Google made a report concerning the problem, warning users to take proper measures.

"Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack," Google says.

The company also notes that it will not release its exploit code, but along with the blog post, it has uploaded a Proof of Concept so that users will be able to check whether or not they are affected by the issue at hand.

Meanwhile, Red Hat also reported the issue, releasing a patch that'll resolve it.

"A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Carlos O'Donell, software engineer at Red Hat, says.

According to Kaspersky Lab, Web frameworks such as Python, PHP and Rails and all Linux servers are affected. It's also worth mentioning that the flaw can have an impact on any other Unix-based operating system, including Android and iOS.

Glibc was also the source of the Ghost flaw that researchers discovered a year ago, making this the second time that a huge vulnerability has bared its fangs in the library.

While applying the patch is as simple as downloading and installing it for other users, it may not be that simple for users with apps that were compiled with the affected glibc.

To boil things down, every Linux user is advised to verify whether they're affected or not, and apply the patch as soon as possible.
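A first-pass version check for the verification step above, as an added example that is not from the article, Google or Red Hat. It only tests whether the local glibc falls in the "2.9 and later" range the article quotes. The function names are hypothetical, and because the article names no fixed version, a match means the distribution's advisory still has to confirm whether the patch is installed.

```shell
#!/bin/sh
# Added example (function names are hypothetical): classify a glibc version
# string against the range the article reports for CVE-2015-7547.

# Print "MAJOR MINOR" for strings such as "glibc 2.17" or
# "ldd (Ubuntu GLIBC 2.19-0ubuntu6.7) 2.19"; return 1 if none is found.
parse_glibc_version() {
    ver=${1##* }                    # last word, e.g. "2.17"
    major=${ver%%.*}
    [ "$ver" != "$major" ] || return 1       # no dot, so not a version
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}          # "19" from "19-0ubuntu6"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$minor" ] || return 1
    printf '%s %s\n' "$major" "$minor"
}

# Return 0 for 2.9 or later, 1 for older, 2 if the string cannot be parsed.
# Components are compared as numbers, so 2.10 sorts after 2.9; a plain
# string comparison would wrongly place 2.10 before 2.9.
in_reported_range() {
    parsed=$(parse_glibc_version "$1") || return 2
    maj=${parsed% *}
    min=${parsed#* }
    [ "$maj" -gt 2 ] && return 0
    [ "$maj" -eq 2 ] && [ "$min" -ge 9 ] && return 0
    return 1
}

# Report on the machine this runs on. getconf GNU_LIBC_VERSION prints
# e.g. "glibc 2.17" on glibc systems and fails on other C libraries.
report_local_glibc() {
    if ! local_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null); then
        echo "getconf reports no glibc; this system may use another C library."
        return 0
    fi
    rc=0
    in_reported_range "$local_ver" || rc=$?
    case $rc in
        0) echo "$local_ver: in the reported range (2.9 and later)."
           echo "Confirm the patch in your distribution's CVE-2015-7547 advisory." ;;
        1) echo "$local_ver: older than 2.9, outside the reported range." ;;
        *) echo "Could not parse version string: $local_ver" ;;
    esac
}

report_local_glibc
```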
