Linux users around the world are scrambling to update their operating systems, as a new flaw known as GHOST has been shown to have the potential to cause “a lot of collateral damage on the internet”. The new bug — which gets its name from the gethostbyname functions that are used to trigger it — could allow hackers to gain remote control of users’ systems. It then provides the ability to execute malicious code on servers used to deliver email and host web pages.
The flaw has been identified by cyber security firm Qualys, although it has not yet released that code publicly. However, Duo Security told Ars Technica that “there could be a lot of collateral damage on the internet if this exploit gets published publicly, which it looks like they plan to do, and if other people start to write exploits for other targets.”
There are no known cases of hackers having actually exploited the Ghost vulnerability to date. But the Qualsys teams explained that: “We were able to do it. We think somebody with good security knowledge would also be able to do it.”
Fortunately, a patch for the vulnerability exists, but most Linux versions used in production systems remain unprotected at the moment. Users are being urged to update their systems as soon as possible. [Reuters, Ars Technica]