GHOST Flaw Spooks Web Servers Worldwide
Thursday 29th January 2015 at 3:03pm by Daniel Oxenbury
There has been a new vulnerability discovered in Linux systems. This flaw has been discovered in older versions of GNU C library although this doesn't sound scary, but it is for web developers and system administrators as most linux based servers will still be using the old glibc versions released before august 2013. The newly disclosed flaw opens up most Linux-based Web and mail servers for remote command execution. It is possible that this flaw is related to twitter and face books down time lately. GHOST (CVE-2015-0235) is of immediate and urgent concern to any server administrators and we have already updated all our services so they are patched.
The GHOST exploit affects the gethostbyname functions in the GNU C Library (glibc), which is a key component of all Linux systems. Because many software programs rely on these functions, Linux machines are vulnerable to this exploit, and a successful attack can gain complete control of the system without prior knowledge of logins or passwords.
At Two Superior we take security seriously and keep a close eye on what happens around us. All of our servers are kept regularly updated with the latest security fixes. If you are a Two Superior customer and have any questions or concerns feel free to get in contact with us!
There is a simple way to check to see if you are vulnerable to GHOST. Simply try the following line of code in your command line:
chmod +x ghost-checker
If your system returns with "VULNERABLE", your system is vulnerable to GHOST.
To patch against this vulnerability, enter in the following commands for your OS:
sudo apt-get update; apt-get install --only-upgrade glibc*
sudo yum clean all; sudo yum update glibc
Once you have patched your system, you will need to reboot it. It is vitally important to reboot your server after you have run the commands, as without a reboot, your system will continue to use the old files rather than your new, updated files.
Monday 29th June 2015 - We are pleased to announce the new Harbron Recruit website is now live! Harbron Recruit got in touch with us recently, as they wanted their Wordpress site moving to a bespoke platform and also wanted to extend their site with custom functionality.
Tuesday 28th April 2015 - Just as your screens and internet connections leap into the future, so should your website!
Thursday 23rd April 2015 - Google has now released it’s new mobile search algorithm and has released a handy tool to help you check your website.
Wednesday 15th April 2015 - Sometimes you find that your web browser just doesn’t have that certain feature that you want. Extensions and plugins have come to the rescue, but are the extensions or plugins you have installing from a trusted source?
Friday 10th April 2015 - Quite often when we need to write a large amount of code to complete a particular task we’ll first look to see if someone has already written an open source library which we can use instead of spending hours or days writing something that will do that same thing.