Wednesday, 28 January 2015

The GHOST Vulnerability

Orange ghost


A serious flaw has been discovered in a range of Linux distributions. The GHOST vulnerability potentially allows attackers to gain control of a remote system via a weakness in the glibc library and affects many stable and long-term-support distributions. Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04 are all vulnerable.

We are patching machines managed by us to make sure they aren't vulnerable. We'll also take care of patching virtual machines hosted by us in our VMWare estate.

If you are responsible for any Linux servers or desktops, please ensure they are patched as soon as possible. Patches for the most common distributions are already available. Systems built on Linux architecture (e.g. control systems, NAS drives etc) may not have a patch available yet, so please keep an eye on the vendors website/security patches as usual.


If you want to know more about the GHOST vulnerability here’s the original blog post from Qualys

Please feel free to contact us at helpdesk@sheffield.ac.uk if you’d like further information about this vulnerability, general good practice, hosting systems with CiCS or any other security related matters.