By now you have probably heard about the enormous security flaw that was recently discovered that, experts say, left thousands of applications and devices vulnerable to remote attacks and control. It is a flaw that has been around since 2009, and has the potential to affect any server that is running any post-2008 version of the Gnu C open source library called glibc. It is the function getaddrinfo() within the glibc library that has the flaw, and it is so widely distributed that it is impossible to estimate just how many applications and hardware installs are running the flawed versions (of which there are at least 7 main version and dozens of incremental update versions).
getaddrinfo() is the function used by software and devices that do domain lookups (think “DNS queries”). Which would be, well, a whole lot of programs and hardware.
Arstechnica calls it “a potentially catastrophic flaw in one of the Internet’s core building blocks,” and they’re right.
Fortunately, as soon as it was brought to their attention, the maintainers of the glibc library released a patch, which you can find here: Patch to fix the glibc library getaddrinfo() buffer overflow vulnerability
Unfortunately, while applying the patch will be relatively simple for those who actually run servers with the affected software, and know what they’re doing, the glibc library has been compiled into countless apps and software distributions, meaning that end users are using programs and apps containing the affected glibc, and will be unable to do anything about it. They will be stuck waiting for the software providers to recompile the software and release an updated version with the patched glibc library.
All that said, if you have websites or other Internet-related services that are hosted at an Internet service provider, your Internet service provider should be taking care of this for you.
As one Internet service provider, LiquidWeb, advised their customers:
A vulnerability has been discovered via a stack-based buffer overflow that was found when libresolv libraries perform dual A/AAAA DNS
queries. This could, potentially, allow a remote attacker to create a
specially crafted DNS response, gaining permissions of the account owner
and enabling them to execute malicious code. The potential exploit of
the GNU C Library (glibc) was recently discovered and has been assigned
Liquid Web package repositories have been updated and managed servers
(barring those with updates disabled) will get an automatic update that
patches this vulnerability. A reboot will still be required in those
cases in order to ensure all potential threats have been neutralized. If
you are receiving this message, our records indicate that you may still
need to ensure that you have a patched update and/or take action to
reboot at your earliest convenience. In order to ensure the peak
security of our customers, we will be proactively patching and
initiating reboots on February 18th (2016) at 10:00PM (EST) for all
remaining vulnerable servers that we can access.
|Get notified of new Internet Patrol articles!
You might also like some of our other articles: