The Ghost Vulnerability | Important Cyber Security Notification

Important Notification: Ghost Vulnerability

by David Dwyer on 28/01/2015

Important Notification:Why you can't ignore the Ghost Vulnerability

IMPORTANT NOTIFICATION:

A vulnerability for GLIBC has been announced at https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability. This security flaw allows an authorized person to take control of Linux machine through a buffer overflow in the GetHost functions of GLIBC. The vulnerability is being referred to as GHOST.

We strongly suggest that all non-Inspire customers immediately patch their Linux systems. You can verify the version of the RPM package that is on your server through the change log. Log into your machine at root and run the following command:

rpm -q --changelog glibc | grep CVE-2015-0235

Any system that does not return a result:

[root@server ]# rpm -q --changelog glibc | grep CVE-2015-0235
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #-----).
is not patched. These machines can be updated by running the follow command at root:

yum clean all ; yum update glibc

It will be necessary to reboot your machine after this update is complete. Once the machine is back online run the original command of
rpm -q --changelog glibc | grep CVE-2015-0235
and verify that your system is patched.

Inspire customers need not worry as we have already applied this as part of their Support & Maintenance package.

However we understand that not all non-Inspire customers will be comfortable with this process. If you'd like Inspire to help please contact us via our Contact Us page.

This vulnerability is rated as severe. We strongly encourage you to take action immediately.

Follow Inspire on Twitter @inspireltd and @developersos

Developer SOS, Inspire Web Development, Inspire Web Services, Outsourced Web Development, Security, Systems Administrator, The Evolving Web, The Ghost Vulnerability, Website Support, Website Vulnerabilities

0 COMMENTS

Interested in working with us?
Leave a comment

Animated background headers

The rise and rise of mobile.

Animated background headers

The rise and rise of mobile.


Name*	:
Email*	:
Comment*	:
To comply with data protection regulations (2018), we are unable to store and use your information unless you give us your permission. Please select Yes to allow this. View our data protection policy for details.*


* Fields are mandatory

We regularly send out tips and guidance notes. Join our Mailing List and get our "Better Site Playbook"

FREE 20 MINUTE WEBSITE CONSULT

Unlike many web design or marketing agencies, we do not run automated software and send you out a long technical Website Review Report on what you or indeed your last developer have missed.

We recognise that the web is evolving at a tremendous pace, one real month is equal to one web year, so what was delivered just a few years ago, may very well be looking tired and dated.

At the four BNI Groups we are members of, we are fully signed up to Givers Gain and offer referral clients 20 minutes of our consultancy time (at no charge).

We cover a range of areas such as "What is the objective of your website?"; "What is your business model?"; "Who is your audience?"; then we can cover User eXperience; Usability; Site Analytics; Search Engine Optimisation (On-Site).

We know the value of both your and our time but we also know that we're keen to build relationships and this approach is the first building block in establishing that mutual trust and respect.