Customer Alert: “GHOST” Vulnerability on Linux Systems

By | January 30th, 2015|Uncategorized|

On January 27, 2015, Qualys, Inc., the leading provider of cloud security and compliance solutions, announced that its security research team discovered a vulnerability in the GNU C Library (glibc) used on Linux systems. This vulnerability, called “GHOST” (CVE-2015-0235), allows attackers to remotely take control of a system without having prior knowledge of system credentials. This exposure can be triggered by a buffer overflow in a system library that affects many, if not most, Linux distributions.

The recommended resolution for addressing the GHOST vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by your Linux vendor.

CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We strongly recommend that our customers running Linux-based systems take the same proactive approach with respect to any and all machines that are potentially vulnerable to the GHOST vulnerability.

For more information, please visit the Qualys Security Advisory.

Customer Alert: ‘Shellshock’ Bug

By | September 26th, 2014|Uncategorized|

On September 24, 2014, Red Hat, Inc., the software company that provides a version of the Linux operating system, indicated that its security team discovered a vulnerability in the command-line interface functionality known as “Bash” (Bourne-Again Shell). This vulnerability, called “Shellshock,” is believed to pose a larger threat than the Heartbleed vulnerability that was discovered in April 2014. Shellshock poses a serious threat because cyber criminals could exploit the vulnerability and execute arbitrary code in order to gain control of servers. This exposure extends to any Unix and Linux machine via Web requests, CentOS machines, Mac computers, or any program that runs software with Bash functionality.

The recommended resolution for addressing the Shellshock vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by the Operating System (OS) vendors, e.g., Red Hat, Apple and others. Please note, however, that the current patch set is under development and may not provide complete protection from this vulnerability.

CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We will continue to test and apply security patches to our servers as they become available from the OS vendors.

We strongly recommend that our customers take the same proactive approach with respect to any and all machines that potentially have the Bash Security Vulnerability.

For more information, please visit the Red Hat Security Blog.

Update: Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug. Patches are available from the following links for OS X Mavericks, Mountain Lion and Lion.

 
