On January 27, 2015, Qualys, Inc., the leading provider of cloud security and compliance solutions, announced that its security research team discovered a vulnerability in the Linux GNU C Library known as (glibc). This vulnerability, called “GHOST (CVE-2015-0235),” allows attackers to remotely take control of a system without having prior knowledge of system credentials. This exposure can be triggered by a buffer overflow in a system library that affects many, if not most, Linux distributions.
The recommended resolution for addressing the GHOST vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by your Linux vendor.
CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We strongly recommend that our customers running Linux-based systems take the same proactive approach with respect to any and all machines that are potentially vulnerable to the GHOST vulnerability.
For more information, please visit the Qualys Security Advisory.