contador pagina web Skip to content

a critical flaw in Linux allows remote control

Security experts from Qualys recently discovered a flaw affecting all Linux systems. Called "Ghost", it would allow hackers to take control remotely "of a whole system, completely without system identifiers."

Ghost Linux A fix was urgently developed with Linux editors, it is currently being released and already available from some OS distributions like Debian, Red Hat or Ubuntu.

The flaw was spotted in a GNU / Linux library called "glibc" integrated in all Linux distributions since it allows to manage low level system calls like opening a file or allocating memory space.

Only versions prior to glibc 2.18 appear to be vulnerable. "Unfortunately, very few Linux distributions have included recent versions of glibc, for compatibility reasons. This is why most are vulnerable."

The vulnerability is in the form of a buffer overflow in the gesthostbyname and gethostbyaddr functions which are called by Linux applications when they have to manage Internet connections and in particular with mail servers. A simple email sent to the server would allow access to the command line interface (shell) of a Linux system.

It is recommended to update Linux systems in order to eliminate the threat, which does not seem to have been exploited yet.

Qualys also raises the question of connected devices operating under Linux, such as modem routers or NAS drives: "In this case, they necessarily integrate the glibc library. But to create an attack, these devices must also use the vulnerable functions. You then have to find the right attack vector. It is not obvious a priori."

Still, some brands have announced an upcoming update of the most sensitive firmware.