WHAT'S HAPPENING?
A highly critical vulnerability in the GNU C Library (glibc) affecting versions between 2.2 and 2.17 has been announced. Dubbed the GHOST vulnerability, it allows attackers to remotely take complete control of a vulnerable system without needing any prior knowledge of system credentials.
WHO IS AFFECTED?
Users managing outland Linux systems running vulnerable versions of glibc, a core part of the Linux operating system. A partial listing of known vulnerable distributions includes Debian 7 (wheezy), Red Hat Enterprise Linux 4-7, CentOS 4-7, and Ubuntu 12.04.
WHAT DO YOU NEED TO DO?
TSO recommends the following actions:
Affected users should apply patches or other mitigating steps according to their distributions as soon as possible. Following the patch, the system must be rebooted.
Red Hat Enterprise Linux users with affected systems should refer to http://access.redhat.com/security/cve/CVE-2015-0235 for further details.
Debian users with affected systems should refer to http://security-tracker.debian.org/tracker/CVE-2015-0235 for further details.
Ubuntu users with affected systems should refer to http://launchpad.net/ubuntu/+source/eglibc for further details.
Additional details are available at
http://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
and
http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/
and
http://www.openwall.com/lists/oss-security/2015/01/27/9
WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).