U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Linux "Ghost" Remote Code Execution Vulnerability

Original release date: January 27, 2015 | Last revised: February 04, 2015

The Linux GNU C Library (glibc) versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu, Red Hat, and Debian. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top