Specifically categorized as GHOST (gethostbyname) CVE-2015-0235, the GHOST bug flaw resides in the gethostbyname() and gethostbyname2() function calls in older versions of the GNU C Library (glibc) that is packaged with a variety of Linux distributions, including versions 5, 6 and 7 of Centos / RHEL / Fedora as well as Ubuntu 12.04.
In addition to older Linux distributions being vulnerable, applications and websites running on server hosts that use these older distributions may be susceptible to the GHOST bug as well, including Wordpress Web sites and various PHP applications.
Discovery of the GHOST Bug and Patches for the Vulnerability
The GHOST bug was first found and documented by security firm Qualys in early 2015. The GHOST vulnerability only affects older versions of the glibc library, as it was patched in the glibc-2.18 update, which debuted in August 2013.
However, while updated versions of glibc library have been available since 2013, it’s very common for enterprise servers to continue running older versions of Linux that are considered more stable. As a result, the GHOST bug has remained an open vulnerability for many enterprises despite patched versions of the glibc library being available.
While there isn't much evidence at this time of the GHOST bug being maliciously targeted by attackers, security researchers do recommend updating vulnerable installations of Linux as quickly as possible to prevent potential exploitation.
Stay up to date on the latest developments in Internet terminology with a free weekly newsletter from Webopedia. Join to subscribe now.
From cute electronic toys to VR gaming, here are 5 hot gifts to give to your special tech enthusiast this holiday season. Read More »What's Hot in Tech: AI Tops the List
Like everything in technology, AI touches on so many other trends, like self-driving cars and automation, and Big Data and the Internet of Things... Read More »DevOp's Role in Application Security
As organizations rush to release new applications, security appears to be getting short shrift. DevSecOps is a new approach that holds promise. Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »The 7 Layers of the OSI Model
The Open System Interconnection (OSI) model defines a networking framework to implement protocols in seven layers. Use this handy guide to compare... Read More »