Ghost to the Shell

During a code audit, researchers at Qualys discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc which can get access to the shell.

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.

During their testing, they developed a proof-of-concept in which they sent a specially created e-mail to a mail server and got a remote shell to the Linux machine.

It’s called GHOST because it can be triggered by the GetHOST functions. There are exploits in the wild, there are also patches.

This entry was posted in Security Blog and tagged , , , , , . Bookmark the permalink.