Linux Exploit

[ECF]

Thought I would pass this on as I received an email about it today.

 

Vulnerability to CVE-2015-2035/GHOST is currently being investigated across all McAfee products.

 

Impact:

The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. This buffer overflow vulnerability can be triggered both locally and remotely. CVE-2015-0235 has been assigned to this issue.

 

The GNU C Library or glibc is an implementation of the standard C library and is a core part of the Linux operating system. Linux distribution vendors have released patches for all distribution as of January 27, 2015.

 

RECOMMENDATION

McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee KnowledgeBase article SB10100, McAfee SEcurity Bulletin - GHOST Vulnerability https://kc.mcafee.com/corporate/index?page=content&id=SB10100

[Raizio]

Pretty much every major distributions already have the updates out.

 

yum update!

 

Or whatever your distro uses.

[Dennis]

Oh, so that was why there were glib6 updates on all of our servers a couple of days ago when I did apt-get upgrade... Didn't know of this exploit, but I'm glad that we already have updated everything... Not home before tonight, and I would hate to have anything happen to our machines in the meanwhile!