This week a vulnerability in a foundational piece of software (the C language library used by Linux operating systems) was announced (CVE-2015-0235). It affects a particular function in the ‘glibc’ library file that has the potential to be remotely exploited if very precise (but uncommon) conditions exist on any of your externally, world-facing servers. The discoverers (Qualys) have taken to calling it the GHOST vulnerability as a contraction-of-sorts of the affected family of software functions: gethostbyname().
The good news is that the patch required is relatively easy to implement (and has been emerging from various vendors over the last 24 hours) and without some very specific pre-existing configurations, you were likely not to have been vulnerable prior to the disclosure and availability of the patches.
It is important to note that even though you may have already applied the patch there are some programs that dynamically link to the glibc functions in memory and will, to be safe, require a reboot of the server to ensure they are linking against the newly patched library.
At the time of this blog’s publication you should be able to initiate a Halo Software Vulnerability Analysis scan and be able to detect whether or not the version of glibc installed on your servers is vulnerable. For more information on how to run the scan, click here.