Blog
Data Security
GHOST Vulnerability…Not That Scary

GHOST Vulnerability…Not That Scary

If you have any questions, please contact SecurityMetrics support, 801.705.5700.

Updated
December 7, 2022
Posted
January 29, 2015
Cybersecurity
PCI
GDPR
GHOST Vulnerability…Not That Scary

Who it affects, how hackers could use it, and what you should do about it.

The recently discovered GHOST vulnerability is a bug that could potentially allow a buffer overflow in Linux systems. Sounds scary, right? In reality, all the media surrounding this vulnerability has hyped it up more than it deserves.

Although GHOST (CVE-2015-0235) is categorized as a 10 on the NIST database, if you dive deeper into the vulnerability it has a very low probability and is extremely difficult to exploit.

Here are the facts

  • GHOST affects the gethostbyname and gethostbyname2 functions in the Linux GNU C library (glibc)
  • The vulnerability could enable attackers to remotely take control of a system through a buffer overflow
  • This vulnerability has been patched since May 2013, which means new Linux systems, and any patched systems, aren’t affected

Which systems are affected?

  • Debian 7 (Wheezy)
  • Red Hat Enterprise Linux 5/6/7
  • CentOS 6/7
  • Ubuntu 12.04
  • Any other systems using glibc versions from 2.2 to 2.18

See also: SSL 3.0 POODLE Vulnerability Update

Can I be compromised through GHOST?

While this is a legitimate attack, the likelihood of being compromised via GHOST is extremely small. So far, only the Exim Mail Transfer Agent has been confirmed as possibly exploitable. Even if you use Exim, the Exim gethostbyname configuration option is off by default.

Let us put this in context. Out of all the vulnerability scans SecurityMetrics customers ran on their systems in 2015, only .01% detected the use of Exim. That percentage decreases exponentially when you consider that the Exim gethostbyname configuration must be turned on for the Linux system to be vulnerable, and there must be an exploitable version of the glibc library on the system.

Our recommendations

  • Don’t panic
  • Apply glibc patches on your systems, if needed
  • If you’re worried about a breach, start watching your logs for abnormal program terminations (crash reports)
If you have any questions, please contact SecurityMetrics support, 801.705.5700.

Join thousands of security professionals.

Subscribe Now

Get the Guide To PCI Compliance

Download

Get a Quote for Data Security

Request a Quote
Stay up to date
Subscribe to our blog.
Subscribe Now
Data Security
Vulnerability ScanningPenetration TestingSecurity TrainingPANscan®SecurityMetrics VisionSecurityMetrics MobileCIS Controls AssessmentConsultingResellerForensic/Incident ResponseData and Network SecurityData Security AcademyWebpage Integrity Monitoring (WIM)Shopping Cart Inspect (PCI Req. 11.6.1)Shopping Cart Monitor (PCI Req. 11.6.1)SecurityMetrics Pulse
Compliance
GDPR CompliancePCI CompliancePCI DSS AuditPCI Level 4 ProgramPA-DSS/SSF AuditP2PE AuditPIN Security AssessmentPCI PoliciesPCI TrainingHIPAA ComplianceHIPAA PoliciesHIPAA TrainingHealth Network ProgramHITRUST
Company Info
About UsBlogGlossaryMedia RelationsCareersTerms of UsePrivacyAbuseDo Not Sell My Information
Contact
Contact UsReport a Vulnerability
SecurityMetrics podcast logoLinkedIn logoFacebook logo
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy PolicyTerms and Conditions
Your IP Address is:
YouTube logoSecurityMetrics podcast logoLinkedIn logoFacebook logo
Subscribe to our blog
Subscribe Now
© 2025 SecurityMetrics, Inc. All rights reserved.
Privacy Policy
|
Terms and Conditions
|
Your IP Address is:
000.000.000.000