Researchers at Qualys discovered a buffer overflow vulnerability in the Linux GNU C Library (glibc) that, if exploited, could enable an attacker to remotely take complete control of a victim's system, all without having knowledge of system credentials. The high-severity bug, CVE-2015-0235, was named 'GHOST' because it can be triggered by the 'GetHOST' functions, Qualys noted. Debian 7 (Wheezy), Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04 are among the systems that are affected, and other Linux systems using versions of glibc from 2.2 to before 2.18 are also at risk. Researchers said that the best way to protect against GHOST is to apply available patches from Linux distribution vendors.