What is the GHOST Vulnerability and how can I prevent it?

This article applies to 123 Reg Servers running Linux

What is the GHOST Vulnerability?

The GHOST vulnerability is an exploit recently discovered in Linux servers that can be used to gain control of a system with out prior knowledge of system logins and passwords.

This exploit affects the gethostbyname functions in the GNU C Library (glibc). This library is a key component of all Linux systems, and as many software programs rely on these functions, it means that Linux machines are vulnerable to this exploit.

How do I test to see if my server is vulnerable?

To test if your server is vulnerable, you can run the following line of code in your command line:

wget http://mirrors.uk.heg.com/ghost/ghost-checker
chmod +x ghost-checker
./ghost-checker

Your system will return either All Good – Not Vulnerable or VULNERABLE.

If your system returns VULNERABLE you can use the instructions below to fix the vulnerability.

How can I patch against this vulnerability?

To secure your server again the GHOST vulnerability, you can run the following commands:

Ubuntu

sudo apt-get update; apt-get install –only-upgrade glibc*

CentOS

sudo yum clean all; sudo yum update glibc*

These commands will update your server with any available patches. Once you have run this patch, you will need to reboot your system.

Please note: It is vitally important to reboot your server after you have run the commands.

Until you reboot, your system will continue to use the old files, rather than your new, updated files.