GHOST vulnerability (CVE-2015-0235) in popular Linux library glibc allows remote code execution
At Recurly we constantly monitor mailing lists, forums, IRC channels and many other places for vulnerabilities that may cause software we use as part of our platform to be insecure. We update software every day, usually within minutes of vulnerabilities being discovered. Today was no exception. We had our production systems patched within an hour of discovering the vulnerability in popular Linux library glibc. This is a write up of how we did it, and how to protect yourself.
What is GHOST?
Most vulnerabilities we patch aren't given names; then again, most vulnerabilities aren't this serious. GHOST (CVE-2015-0235, named after GetHOSTbyname) is a heap buffer overflow in the __nss_hostname_digits_dots() function of glibc, reachable through gethostbyname() and gethostbyname2() and their _r variants. When the hostname passed in looks like an IPv4 address (only digits and dots) glibc takes a fast path that undercounts the space it needs by sizeof(char *) (4 bytes on 32-bit, 8 on 64-bit) and copies the name past the end of the caller's buffer. The bug was introduced in glibc 2.2 and fixed in glibc 2.18 (May 2013), but the fix was not flagged as security relevant, so long-term-support distributions shipping glibc 2.17 or earlier never backported it. Any service that passes attacker-controlled hostnames to these functions can therefore be attacked remotely; Qualys, who found the bug, demonstrated remote code execution (someone can run commands on your system) against the Exim mail server. For more technical information, see the initial disclosure post: http://www.openwall.com/lists/oss-security/2015/01/27/9
How can I tell if I'm vulnerable?
Chances are, if you are running a Linux distribution released before mid-2013, you are currently vulnerable: every system with glibc 2.2 through 2.17 is affected unless its distribution has backported the fix, which none had before today. Note that the version number printed by ldd --version is not conclusive, because the patched packages keep the same upstream version (RHEL 7 stays on 2.17, Ubuntu 12.04 on 2.15); compare the installed package release against the vendor advisory instead, or run the test program from the disclosure post, which calls gethostbyname_r() with a crafted name and reports whether the overflow happens. Further details will soon emerge on which applications are actually exploitable over the network; in the meantime we recommend that you patch all systems and reboot them, since every process that loaded the old glibc before the update keeps running with it until it is restarted.
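The following test program is an added example, not code from the Recurly post; it uses the same canary technique as the test published by Qualys in the disclosure. It places a canary string directly behind a 1024-byte buffer, sizes an all-digit hostname so that it exactly fits the buggy glibc's space accounting (which forgets the sizeof(char *) of h_alias_ptr), and calls gethostbyname_r(). A fixed glibc refuses the request with ERANGE and leaves the canary intact; a vulnerable one copies the name past the buffer and overwrites the canary. The function and enum names (ghost_check, ghost_result) are this example's own choices, and the "inconclusive" result is there for libcs other than glibc, which never reach this code path.

```c
/* ghost_check.c: added example, not from the Recurly post or Qualys' code.
 * Build and run:  gcc -O0 -o ghost_check ghost_check.c && ./ghost_check
 */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Result codes returned by ghost_check() (names chosen for this example). */
enum ghost_result {
    GHOST_NOT_VULNERABLE = 0, /* glibc returned ERANGE and the canary survived */
    GHOST_VULNERABLE     = 1, /* the canary was overwritten: the overflow happened */
    GHOST_INCONCLUSIVE   = 2  /* neither, e.g. a non-glibc libc (musl) that rejects the name */
};

/* Runs the check once; stores the raw gethostbyname_r() return value in
 * *retval_out when that pointer is non-NULL. */
enum ghost_result ghost_check(int *retval_out)
{
    /* The canary sits immediately after the buffer handed to glibc, so an
     * overflow of even one byte changes it. */
    struct {
        char buffer[1024];
        char canary[sizeof(CANARY)];
    } temp = { "buffer", CANARY };

    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;

    /* The vulnerable accounting reserves 16 bytes for the address,
     * 2 * sizeof(char *) for h_addr_ptrs, plus strlen(name) + 1, and omits
     * the extra sizeof(char *) for h_alias_ptr.  This length fills the buggy
     * count exactly, so fixed code sees buflen < size_needed and returns
     * ERANGE, while buggy code writes sizeof(char *) bytes past the end. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char) - 2 * sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];
    memset(name, '0', len);          /* digits only: takes the "digits and dots" fast path */
    name[len] = '\0';

    int retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                                 &result, &herrno);
    if (retval_out)
        *retval_out = retval;

    if (strcmp(temp.canary, CANARY) != 0)
        return GHOST_VULNERABLE;
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    int retval = 0;
    switch (ghost_check(&retval)) {
    case GHOST_VULNERABLE:
        puts("vulnerable");
        return 1;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable");
        return 0;
    default:
        printf("inconclusive (gethostbyname_r returned %d)\n", retval);
        return 2;
    }
}
```

Compile it without optimisation so the buffer and canary keep their layout, and run it once before and once after the package update; because the program links against whatever libc.so.6 is installed at the moment it runs, a "not vulnerable" result after the update also tells you that the new library is the one being loaded.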
How do I fix this?
If you are non-technical and you are worried about this, you should direct your technical employees to this post straight away. Patching internet facing systems should be your priority (web, load balancers, mail servers etc.).
For information on patching for different operating systems, see below:
Red Hat / CentOS
For information on Red Hat based distributions (CentOS rebuilds the same updates under matching CESA advisory numbers):
Red Hat 5 (fixed in glibc-2.5-123.el5_11.1): https://rhn.redhat.com/errata/RHSA-2015-0090.html
Red Hat 6/7 (fixed in glibc-2.12-1.149.el6_6.5 and glibc-2.17-55.el7_0.5): https://rhn.redhat.com/errata/RHSA-2015-0092.html
Install the upgraded glibc packages, confirm that the installed package release matches the advisory (the upstream version number does not change, because the fix is backported), and reboot your machines so that no process keeps the old library mapped.
Ubuntu
Ubuntu 14.04 is not vulnerable: it ships glibc 2.19, which already contains the fix. Ubuntu 12.04 ships eglibc 2.15 and is vulnerable; the fixed libc6 package (2.15-0ubuntu10.10, USN-2485-1) is already on the mirrors, so update by doing:
DISCLAIMER: Do this at your own risk; make sure you understand what you are running first.
apt-get update && apt-get -y install libc6
Make sure you reboot your machines afterwards. Updating the package only replaces the file on disk; every process started before the update (sshd, your web server, your mail server) still has the old libc mapped and stays exploitable until it is restarted, and a reboot is the only way to be sure you have caught them all.
Why you're safe with Recurly
2015 has already seen unprecedented exposure of IT security failures in both the private and public sectors. This means businesses and users alike will continue to play a cat-and-mouse game with attackers. Recurly is in the business of powering your business, and that means making sure you and your customers are safe at all times.
“We need to thwart them at every turn, not just at the perimeter – without bringing business to a halt in the process” - Renato Mascardo, Recurly's CTO.