GHOST Vulnerability Bug Report
This Post details the implications and status of the GHOST Vulnerability Bug that has just been discovered/reported.
What is this about?
This is a serious security issue that has a widespread global coverage.
Starting from today we are seeing the mainstream-media also pick up on this issue and report on it (e.g. in Australia).
The bug, which is being referred to as “GHOST” (GetHOSTbyname function), can allow, in some circumstances, attackers to run arbitrary code on systems running various Linux operating systems as an attack vector. However, closer inspection reveals that this particular vulnerability, while serious, is not easy to exploit and has a very limited attack surface.
Additional technical details about the issue can be found at CVE-2015-0235.
When was a “fix” released?
The root cause was actually fixed in May 2013 and therefore, newer systems that are updated and maintained are not at risk.
Over the past 24hrs, upstream developers have patched and released a software update that fixes the bug in pre-May 2013 provisioned systems, and in the hours that followed this was incorporated into various software vendor/open-source patch/update packages, for application onto affected servers by system administrators.
What has Mach done?
Following publication of the security alert by the authorities, Mach immediately completed a full audit of all systems (via a special automated test performed by our 24/7 Enterprise Monitoring Platform), and this immediately identified a very small number of older legacy-OS servers that required the patched version of glibc to be applied.
Mach then applied the update/fix to all such identified systems, in a risk-prioritised order, within 24hrs.
No Firewall or Router infrastructure was affected.
No known issues have arisen as a result of this Bug in any Mach-managed infrastructure.