Haunting Your Server: The Newly Discovered “Ghost” Vulnerability
Software security researchers have recently identified a bug in the Linux GNU C Library (shorthand: glibc) that provides hackers with the ability to take remote control of an entire system without having any prior knowledge of the system’s credentials. Qualys, a security firm out of California, identified GHOST and disclosed their discovery Tuesday.
This security issue is a critical one and affects an enormous number of systems on the Internet. Due to its seriousness and its widespread possible affect, there is a large amount of media coverage that you can look to if you would like to find out more information about Ghost:
Scary ‘Ghost’ vulnerability leaves Linux systems vulnerable to possession
GHOST, a critical Linux security hole, is revealed
Highly critical “Ghost” allowing code execution affects most Linux systems
or simply do a search for “Ghost vulnerability”.
We want to let you know that at this time, all shared servers, as well as Cloud VPS and Dedicated Servers that we have access to have been patched for this vulnerability. As long as you have not manually/by choice removed our access keys, your server will have been patched in our update and you don’t have anything to worry about.
If you manage your own server and have removed our access, we are unable to secure your machine for you. We encourage you to patch this issue immediately, as the security issue is a critical one. If you have any questions, or would like to add our access back so that we can secure your server against this vulnerability for you, please contact support.
If you would like to verify and test your server yourself, there is a pretty comprehensive article over at the nixCraft blog on how to test and patch a variety of Linux Distributions.