Protecting Linux Servers Against Glibc Vulnerability

linux servers Glibc Vulnerability

What is Glibc Vulnerability?

Not too long ago, a critical vulnerability has been discovered in GNU C Library, which is an instrumental component of Linux distributions. It is also being referred as GHOST vulnerability which is causing all Linux machines, Linux based apps and devices prone to the hackers.

Who are affected?

Almost all the Linux based servers are affected by this vulnerability in some or other way. Servers running on Linux with Glibc 2.9 or the superior version can be seriously exploited by the hackers if not patched up soon. In addition to this, several web frameworks and other services such as sudo, curl, ssh, Rails, PHP etc. that are making use of open source GNU C Library are also vulnerable to hackers.

How it Works?

The hackers may identify a vulnerable system and then send an attack by forcing the system to make custom DNS queries. These queries will be generated through domain names which are controlled by the hackers. Then after a custom response is generated by the controlled DNS servers. Their hacking attempt will ultimately lead to two possibilities- Either the library would crash or the hacker will get a successfully get the remote execution code. Whichever be the case, the attacker will be able to manipulate the system and tamper with the DNS replies using malicious codes in the affected system.  

How to protect Linux servers against Glibc vulnerability?

Fixing the issue for Linux servers are quite easy. The security patch is available and the server managers just need to download and install the security update. For other affected users, the security patches are not easily available. The apps need to be recompiled with the updated Glibc version. But they will have to wait for the release of updates from the developers.

However, they can minimize the chances of system intrusion by doing a little modification in DNS replies settings. Limit all the DNS replies to 1024 bytes and drop UDP DNS packets to larger than 512 bytes.

If you want an immediate help for security of your servers in US, contact our experts here.