GHOST Vulnerability (glibc)

Bare Metal Servers and Cloud Server Hosting

InetServices offers both Windows and Linux bare metal server hosting, and cloud server hosting for any small to medium size business. We also offer both PCI and HIPAA Compliant servers allowing you to achieve PCI or HIPAA Compliance without all the worries of figuring it out. InetServices offers much more than just dedicated servers and cloud servers, we offer you a complete solution to your hosting needs including Big Data, Disaster Recovery, and High Availability services.

On January 27, 2015, the GHOST vulnerability was announced by Qualys. This vulnerability allows remote attackers to take complete control of a system by exploiting a buffer overflow bug in a glibc function GetHOST. This vulnerability should be considered serious and all affected servers should be patched immediately.

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. All Linux systems that use glibc from versions 2.2 to 2.17 are at risk. The following Linux distributions should be checked and patched:

• CentOS 6 & 7
• Debian 7
• Red Hat Enterprise Linux 6 & 7
• Ubuntu 10.04 & 12.04

Install Security Updates:
The easiest way to fix the GHOST vulnerability is to upgrade glibc to the latest version.

CentOS / RHEL
Update glibc to the latest version via yum:
# sudo yum update glibc

Respond to the confirmation prompt with y.

NOTE: When the update is complete, reboot the server:
# sudo reboot

Ubuntu / Debian
For Ubuntu or Debian, update all of your system packages via apt-get dist-upgrade:
# sudo apt-get update && sudo apt-get dist-upgrade

Respond to the confirmation prompt with y.

NOTE: When the update is complete, reboot the server:
# sudo reboot