Researchers have found a vulnerability in the GNU C Library, GLIBC which makes Unix Based systems like Linux Servers prone to security attacks.

Eight Year Old Vulnerability Uncovers Devices to Attack, thousands apps

It has been estimated that hundreds of thousands devices including the apps using free software are vulnerable to such attacks. Also, all versions of GLIBC starting from v2.9 are believed to be vulnerable. The vulnerabilities and other bugs have been made available and server administrators are recommended to update their system at the earliest.

Google and Red Hat Researchers on Tuesday claimed that they have separately discovered the vulnerability in the GNU C Library, a set of open source codes which is used by many apps, hardware plus IOT Devices.

The Bug was first found in 2008 and it lies in a function called getaddrinfo(), which is designed in such a way to let users to give users domain name look-ups.

The vulnerability can be manipulated when the app or the device which is vulnerable requires translation of a Web Address into numerical IP address from a compromised domain name or server. Also, this big permits the attacker to control and manipulate data which is passing between a compromised app or device to the Web. Also, it allow the attacker to do some remote code execution.

Security researcher Kenn White tweeted on Twitter “No, seriously, patch glibc today. This is bad”.

“We were able determine that the issue could result in remote code execution,” researchers at Google wrote in a blog post. “Our initial investigations showed that the issue affected all the versions of glibc since 2.9. You should definitely update if you are on an older version though. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack.”

However computers running on Windows, iOS, OS X or Android will not be affected. API Web Services and other Web Frameworks such as PHP and Phython are affected by this bug.

The Google’s Researcher also grabbed golden chance to let people know that “Free Software Projects” not always get patched on time. Google came to know about this bug last year.

Also, the patch is now available online and those affected by this bug may visit this link.

If you loved this article, feel free to share it !

LEAVE A REPLY

Please enter your comment!
Please enter your name here