Following Qualys’ recent announcement on the GHOST vulnerability affecting Linux, Apostolis Mastoris, Security Consultant, MWR InfoSecurity, says:
“GHOST has its origin in a flaw that was well hidden for almost 15 years in one of the most popular open-source libraries. The vulnerability was initially discovered and fixed back in 2013; however, it was not classified as a security issue. Thus, many of the systems operating on long-term-support Linux distributions may still be liable to compromise in case they incorporate software that supports earlier versions of the library.
“Linux-based software like Apache, nginx and CUPS that is used on a daily basis and exposes services on the Internet is implemented using a version of this library. System administrators should address the vulnerability promptly in order to reduce the security risk their systems are exposed to. In addition, the vulnerability disclosure points out the importance of placing an application's source code under security scrutiny in order to recover similar flaws that could allow attackers to compromise local or remote systems.”