What is Ghost i.e security hole in the Linux?
Ian Malone
ibmalone at gmail.com
Thu Jan 29 14:54:43 UTC 2015
On 29 January 2015 at 02:17, Tim <ignored_mailbox at yahoo.com.au> wrote:
> Allegedly, on or about 28 January 2015, Doug sent:
>> ... A remote attacker able to call either of these functions could
>> exploit the flaw to execute arbitrary code with the permissions of the
>> user running the application....
>
> All these security flaws come with the usual "flaw allows escalation of
> privileges, able to execute arbitrary commands..." red flags, but rarely
> give an understandable note about how easily an external hack can begin
> the attempt while the user is doing something ordinary that exposes them
> to the thing.
>
> i.e. It's all jargon aimed at programmers.
>
> In the dim and distant past, when I had a brief dalliance with Windows
> before Linux became realistically usable, you'd commonly get warnings
> about flaws which gave understandable information. e.g. Opening a
> malicious attachment, or even just reading a malicious email, with
> version of <particular> program less than x.y, allows the hacker to do
> destructive things to your system.
>
> I know I've vagued-up the example, but you've got a sample of something
> that you might actually do - simply read an email, not even do anything
> with the attachments, get a virus because your email program stupidly
> executes something embedded in it. That's probably less of a risk to
> Linux users, because we've never had stupid software like Outlook or
> Outlook express. But we've certainly got browsers with flash plug-ins
> installed, which (flash) has always been a security nightmare, and it's
> just not feasible to simply forbid it; so many websites that we
> regularly want to use would simply fail to work.
>
This is to do with the nature of the exploit. You are /potentially/
vulnerable if you access the internet.
As https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
notes, this is a vulnerability which programs may not run into at all
depending how they use the functions in question. You could find out
by doing a code audit on every program you use, or you could apply the
fix.
Warnings about opening emails and such things are to do with threat
vectors. Here the vector is that function and the thing to do to close
it is get a fixed glibc. If your email program is prone to running
javascript or something not opening the email is a work around for
something that needs to be fixed, it might seem nice to have advice
that keeps you safe, but it's a bit like telling someone they
shouldn't use a switch because the housing is live, the safe thing to
do is fix the problem.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list