A new security vulnerability in the GNU C Library (Glibc) (a core component in Linux distributions), has been uncovered by Google researchers. GNU C Library is a collection of open source code that powers thousands of applications and Linux distributions. This breach leaves nearly all Linux machines, applications, and electronic devices vulnerable to hackers.

This new vulnerability is very similar to last year’s Ghost vulnerability that left countless Linux machines vulnerable to remote code execution attacks (virtual booby traps). The vulnerability resides in Glibc’s DNS client-side-resolver which is used to translate names like google.com into an IP address. When an affected app or device makes queries to a malicious DNS server, the malicious DNS server can flood said device with code that takes over an entire system. The vulnerability makes it possible to also inject the domain name into server logs which could trigger a remote code execution as well.

All versions of Glibc after 2.9 are at risk–that means any software that connects to things on a network or the internet can leave your computer vulnerable.

So how did this happen?

Well, Google researchers found out that the error was caused by a buffer overflow bug inside the Glibc library. This bug made malicious code execution attacks possible. For those fond of technical explanations Google engineers explained the issue:

“glibc reserves 2048 bytes in the stack through allocate() for the DNS answer at _nss_dns_gethostbyname4_r() for hosting responses to a DNS query. Later on, at send_dg() and send_vc(), if the response is larger than 2048 bytes, a new buffer is allocated from the heap and all the information (buffer pointer, new buffer size and response size) is updated.”

“Under certain conditions, a mismatch between the stack buffer and the new heap allocation will happen. The final effect is that the stack buffer will be used to store the DNS response, even though the response is larger than the stack buffer and a heap buffer was allocated. This behavior leads to the stack buffer overflow.”

If you are running linux, you need to update as soon as possible. Updates are now available from all major distributions and you can apply the fix by simply running update (with apt-get or yum) from terminal.  After the update is applied you need to reboot the system or restart all affected services.

Shortly after publication of this security issue TorGuard immediately updated all servers. Users can rest assured TG services are not vulnerable and our network team continues to monitor the latest security developments at all times.

Share this post