Linux makers update software to stop 'Ghost' cyber threat

A number of makers of the Linux operating system, including Red Hat, have updated their software to close a major security hole that could allow hackers to take over affected systems.

The bug, also known as 'Ghost', was uncovered by cyber security firm Qualys and is considered critical because attackers could take advantage of it to covertly gain complete control of targeted Linux systems.

To emphasise the seriousness of the threat, Amol Sarwate, director of engineering at Qualys, said that it was possible to craft malicious emails that automatically affected a vulnerable server without the email even being opened.  

Although no breaches exploiting the Ghost vulnerability had been identified to date, Sarwate said that it was a matter of time until hackers figured out how to do it now that the bug had been disclosed.

"We were able to do it. We think somebody with good security knowledge would also be able to do it," he added.

The vulnerability is caused by a security flaw in the open-source Linux GNU C Library, which is used by Red Hat and other Linux software makers, according to Qualys.

It is called Ghost because it can be triggered by what are known as gethostbyname functions.

Other vulnerable software includes some of the Debian, CentOS and Ubuntu versions of Linux, said Qualys.

The cyber security firm has previously identified two high-profile vulnerabilities, Heartbleed and Shellshock.
