GHOST: Another Security Bug Hits Linux, But is it That Bad?

Heartbleed is not even a year behind us, and the open source world has been hit with another major security vulnerability in the form of GHOST, which involves holes in the Linux glibc library. This time, though, the actual danger may not live up to the hype.

Christopher Tozzi, Contributing Editor

February 4, 2015

The GHOST vulnerability, which was announced last week by security researchers at Qualys, resides in the gethostbyname*() functions of the glibc library. glibc is one of the core building blocks of most Linux systems, and gethostbyname*(), which resolves domain names into IP addresses, is widely used in open source applications.

Attackers can exploit the GHOST security hole to create a buffer overflow, making it possible to execute any kind of code they want and do all sorts of nasty things.

All of the above suggests that GHOST is bad news indeed. Fortunately for the open source community, however, the actual risk appears small. As Trend Micro points out, the bug that makes the exploit possible has been fixed in glibc since May 2013, meaning that any Linux servers or PCs running more recent versions of the software are safe from attack.

In addition, gethostbyname*() has been superseded by newer glibc functions that better handle modern networking environments, including those that use the IPv6 protocol, which gethostbyname*() doesn't support. As a result, newer applications often don't use the gethostbyname*() functions at all, and are not at risk.
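As an added illustration of the mitigation just described (example code, not from the article, Qualys or the glibc project), this C program resolves a host with getaddrinfo(3), the POSIX replacement for the gethostbyname*() family; the default host string is a constructed placeholder:

```c
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Resolve `host` via getaddrinfo(3), which handles IPv4 and IPv6 alike and
 * allocates its own result list rather than filling a caller-sized buffer.
 * Writes up to `max` printable addresses into `out`; returns the count found
 * or -1 on failure. */
int resolve_host(const char *host, int flags, char out[][INET6_ADDRSTRLEN], int max)
{
    struct addrinfo hints, *res, *p;
    int n = 0;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;     /* accept both IPv4 and IPv6 answers */
    hints.ai_socktype = SOCK_STREAM; /* one entry per address, not per protocol */
    hints.ai_flags = flags;          /* AI_NUMERICHOST makes this an offline check */

    if (getaddrinfo(host, NULL, &hints, &res) != 0)
        return -1;

    for (p = res; p != NULL && n < max; p = p->ai_next) {
        const void *addr;
        if (p->ai_family == AF_INET)
            addr = &((struct sockaddr_in *)p->ai_addr)->sin_addr;
        else if (p->ai_family == AF_INET6)
            addr = &((struct sockaddr_in6 *)p->ai_addr)->sin6_addr;
        else
            continue;
        /* inet_ntop() takes an explicit buffer size, so the text form cannot overrun */
        if (inet_ntop(p->ai_family, addr, out[n], INET6_ADDRSTRLEN) != NULL)
            n++;
    }
    freeaddrinfo(res);
    return n;
}

/* Offline self-check: 1 if `host` is an address literal that prints back
 * identically (v4 or v6), 0 otherwise. */
int literal_roundtrip(const char *host)
{
    char a[4][INET6_ADDRSTRLEN];
    int n = resolve_host(host, AI_NUMERICHOST, a, 4);
    return n == 1 && strcmp(a[0], host) == 0;
}

int main(int argc, char **argv)
{
    char addrs[8][INET6_ADDRSTRLEN];
    const char *host = argc > 1 ? argv[1] : "::1"; /* constructed default */
    int n = resolve_host(host, 0, addrs, 8);
    if (n < 0) { fprintf(stderr, "resolve failed for %s\n", host); return 1; }
    for (int i = 0; i < n; i++)
        printf("%s -> %s\n", host, addrs[i]);
    return 0;
}
```

Run it with a hostname as the first argument to see both IPv4 and IPv6 answers where the resolver returns them.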

And perhaps most importantly, there’s currently no known way of executing GHOST attacks through the Web. That greatly reduces opportunities for using this vulnerability to steal the data of unsuspecting users or otherwise wreak havoc.

All in all, then, GHOST doesn’t seem like a vulnerability that will prove as serious as Heartbleed or Shellshock, two other recent security problems that affected widely used open source software.

About the Author

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.