Linux makers release patch to thwart new 'Ghost' cyber threat

Published 27/01/2015, 21:59

BOSTON (Reuters) - Red Hat Inc and other makers of the widely used Linux operating system for business computers updated their software on Tuesday to thwart a serious new cyber threat they warned could allow hackers to gain remote control of their systems.

The previously undisclosed vulnerability, dubbed "Ghost," is deemed critical because attackers could exploit it to covertly gain complete control of a targeted Linux system, according to cyber security firm Qualys, which uncovered the bug.

To highlight the severity of the risk, researchers identified a way to craft malicious emails that could automatically compromise a vulnerable server without the email even being opened, said Amol Sarwate, director of engineering with Qualys.

The firm has not released that code and has yet to develop other methods for attacking other types of Linux systems, including servers that run websites.

Sarwate knows of no cases in which hackers exploited the Ghost vulnerability to date, but suspects that motivated hackers could figure out how now that the bug has been disclosed.

"We were able to do it. We think somebody with good security knowledge would also be able to do it," he said.

The vulnerability is caused by a security flaw in the open-source Linux GNU C Library, which is used by Red Hat and other Linux software makers, according to Qualys.

It is called GHOST because it can be triggered by what are known as gethostbyname functions.

Qualys uncovered the bug following discoveries last year of high-profile vulnerabilities, including Heartbleed and Shellshock, which were caused by security flaws in other kinds of widely used open-source software.

"It won't be as widespread as those flaws, but it is widespread enough that IT operations at many companies are scrambling to patch," said Chris Wysopal, chief technology officer of security software firm Veracode.

Red Hat, the No. 1 provider of Linux software to businesses, recommends that customers update their systems "as soon as possible to mitigate any potential risk," said company spokeswoman Stephanie Wonderlick.

Other vulnerable software includes some of the Debian, CentOS and Ubuntu versions of Linux, according to Qualys.
