Definition
The GHOST bug is a weakness in the GNU C Library (glibc) that enables malicious actors to prompt a buffer overflow on Linux gadgets.
The buffer overflow may compel the victim’s device to execute various tasks. The GHOST bug impacts the glibc library. Functions ‘gethostbyname2()’ and ‘gethostbyname()’, which sort out domain names to their IP addresses.
Note: You shouldn’t confuse the GHOST bug with ‘ghost glitches’ (ghost bugs), user-reported software issues that programmers can’t recreate.
GHOST Bug History
The GHOST bug was initially detected by a security company, Qualys, in 2015. Researchers discovered that the `_nss_hostname_digits_dots()’ feature could result in a butter overflow. The phrase ‘GHOST’ in ‘GHOST bug’ refers to the ‘GetHOST’ group of functions that trigger the weakness.
Preventing the GHOST Bug
- The affected library was resolved in 2013 before the vulnerability was identified. The GHOST bug no longer affects modern Linux devices.
- To remove the GHOST bug, upgrade glibc on older Linux devices.
- When the GHOST bug was identified, Linux distributions released security updates for any possibly affected devices. If you use a pre-2013 Linux device, download the most recent security patch from your Linux distribution’s site.
Examples of GHOST Bug
- Exim Mail Server: Exim, the most popular transfer agent on Linux systems, was discovered to be at risk of the GHOST bug. Exploiting this server program could have enabled an attacker to share a specially composed email with a server operating Exim, potentially compromising the system.
- WordPress Hosting Environments: WordPress site hosting environments configured on Linux-based servers with the affected models of glibc were also vulnerable. An attack could have resulted in unauthorized access to the server, allowing an attacker to alter or erase files, steal personal data, or launch further attacks on the compromised system.
- Internet of Things (IoT): Most IoT devices running Linux-based operating systems and employing the impacted glibc models were vulnerable to the GHOST bug. This may have resulted in hackers compromising smart devices and using them as a botnet or for other malicious acts.
