Researchers from Google have discovered a new security vulnerability in the GNU C Library (glibc), a basic component of Linux distributions. The GNU C Library is a collection of open source code that powers thousands of applications and Linux distributions. This flaw leaves almost all Linux machines, applications and electronic devices vulnerable to hackers.
This new vulnerability is very similar to last year's Ghost vulnerability, which left countless Linux machines vulnerable to remote code execution attacks. The vulnerability lies in glibc's client-side DNS resolver, which is used to translate names like google.com into IP addresses. When an affected application or device sends a request to a malicious DNS server, the malicious server can flood the device with code that takes over the entire system. The vulnerability also allows a domain name to be injected into server logs, which could trigger remote code execution as well.
All versions of glibc after 2.9 are at risk, which means any software that connects to things on a network or the Internet may leave your computer vulnerable.
So how did this happen?
Well, Google's researchers found that the error was caused by a buffer overflow bug in the glibc library. This bug makes malicious code execution attacks possible. For those who like technical explanations, Google's engineers explained the problem:
"glibc reserves 2048 bytes in the stack through alloca() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated."
"Under certain conditions a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow."
If you use Linux, you should update as soon as possible. Updates are now available from all major distributions, and you can apply the patch by simply running the update (with apt-get or yum) from a terminal. After the update is applied, you must reboot the system or restart all the services concerned.
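To see which services still need that restart, the following added example (not part of the original article) lists processes that keep a replaced glibc file mapped. It assumes a Linux `/proc` filesystem, where mappings of files removed from disk are marked `(deleted)`; the function names are this example's own.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update glibc.
# A package update unlinks the old shared objects, but processes that
# already loaded them keep the old code mapped until they are restarted.
# /proc/<pid>/maps shows such mappings with a trailing "(deleted)", e.g.
# (constructed sample line):
#   7f3a1c000000-7f3a1c1bd000 r-xp 00000000 08:01 1049604 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)

# maps_has_stale_libc FILE
# Exit 0 if FILE (in /proc/<pid>/maps format) maps a deleted copy of
# libc, libresolv or libnss_dns, the glibc objects involved in DNS lookups.
maps_has_stale_libc() {
    grep -Eq '/lib(c|resolv|nss_dns)(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' \
        "$1" 2>/dev/null
}

# stale_pids [PROCROOT]
# Print "PID COMMAND" for every process under PROCROOT (default /proc)
# that still maps a deleted glibc object.
stale_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            dir=${maps%/maps}
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
        fi
    done
}

# Scan the live system; an empty result means nothing listed needs a restart.
stale_pids "${1:-/proc}"
```

Run it as root so that the maps of every process are readable; any process it prints should be restarted, or the machine rebooted.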
Shortly after the publication of this vulnerability, TorGuard immediately updated all servers. Users can rest assured that TG services are not vulnerable, and our network team continues to follow the latest security developments at all times.