GHOST Attack


Another exploit has been discovered which affects many Linux servers. The moniker is GHOST.

During a code audit performed internally at Qualys, we discovered a
buffer overflow in the __nss_hostname_digits_dots() function of the GNU
C Library (glibc). This bug is reachable both locally and remotely via
the gethostbyname*() functions, so we decided to analyze it — and its
impact — thoroughly, and named this vulnerability “GHOST”.

As of yesterday all our servers were patched with the newest glibc version.