Warning! Linux is being haunted by a G-G-G-GHOST vulnerability

Date: 01/31/2015

Warning! Linux is being haunted by a G-G-G-GHOST vulnerability

By Cheetah Mobile

Jan 28, 2015

A critical vulnerability called GHOST has been found in glibc, the GNU C library, which affects all Linux systems dating back to 2000. Attackers can use this flaw to execute code and remotely gain control of Linux machines. The CVE code of GHOST is CVE-2015-0235.

Attackers can use this flaw to gain system priviliges, which means the data we use frequently and store on webpages can easily be stolen. This includes account names, passwords, credit card information, purchase history and private photos. What’s worse, hackers can use this flaw to secretly implant viruses on sites and endanger user at any moment.

At present, the vulnerability affects Linux system of glibc library version 2.2-2.17, including:

CentOS 6 & 7

Debian 7

Red Hat Enterprise Linux 6 & 7

Ubuntu 10.04 & 12.04

Android systems are currently unaffected.


If you happen to be a geek who knows Linux very well, we suggest you enter these codes below ASAP to protect your system. Do not forget to restart your computer for the changes to take effect!

For users who use CentOS, Red Hat, Fedora, Scientific Linux etc. Please enter:

$ yum clean all && yum update


For users who use Debian, Ubuntu and other derived systems, please enter:

$ apt-get clean && apt-get update && apt-get upgrade


You can also update your system in the official GNU C Library website.

The CM Security Research Lab will continue working on GHOST and will come up with more solutions. Please stay tuned!



Qualys Advisory: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

RedHat: https://rhn.redhat.com/errata/RHSA-2015-0090.html

Ubuntu: https://launchpad.net/ubuntu/+source/eglibc

Debian: https://security-tracker.debian.org/tracker/CVE-2015-0235

GNU C Library: http://www.gnu.org/software/libc/

Mitre: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235