Deadly Linux Bug Puts Millions Of Systems At Risk, Patch Now Available
A huge vulnerability in the GNU C Library (glibc) puts millions of systems at risk, giving hackers the opportunity to take control of Linux machines.
What this entails is that cyber intruders could steal data and manipulate Linux computers that are connected to the Internet via remote code execution. They can even spy on them or anything else along those lines.
The vulnerability is CVE 2015-7547, and it's a stack-based buffer overflow bug that dates back to when glibc 2.9 rolled out in 2008. That means virtually anyone who uses this version of the GNU C Library is standing exposed to attacks.
No, seriously, patch glibc today. This is bad. pic.twitter.com/lUd9r4NdgZ
— Kenn White (@kennwhite) February 16, 2016
Google made a report concerning the problem, warning users to take proper measures.
"Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack," Google says.
The company also notes that it will not release its exploit code, but along with the blog post, it has uploaded a Proof of Concept so that users will be able to check whether or not they are affected by the issue at hand.
Meanwhile, Red Hat also reported the issue, releasing a patch that'll resolve it.
"A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Carlos O'Donnell, software engineer at Red Hat, says.
According to Kaspersky Lab, Web frameworks such as Python, PHP and Rails and all Linux servers are affected. It's also worth mentioning that the flaw can have an impact on any other Unix-based operating system, including Android and iOS.
Glibc is also the main reason behind the Ghost flaw that researchers found out a year ago, making this the second time that a huge vulnerability bared its fangs in the library.
While the process is as simple as downloading and installing for other users, it may not be the case for users with apps that were compiled with the affected glibc.
To boil things down, every Linux user is advised to verify whether they're affected or not, and apply the patch as soon as possible.