Understanding the ramifications of the CVE-2015-0235 glibc (GHOST) security vulnerability
20 February 2015 10:08 AM
In early 2015, a significant security vulnerability was found in the glibc package. Glibc is an implementation of the standard C library and is a core part of all our currently supported Linux distributions. A code audit was performed by the Qualys research group and the following security advisory was made available:
What does the GHOST vulnerability do?
It is called the GHOST vulnerability because it can be triggered by the GetHOST functions. A blog post released by Qualys describes the vulnerability as:
"a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address."
What do I need to do to guard against this?
We recommend starting by briefly reading the following articles to understand the changes that have been made. If you patch your systems manually, make sure you update your glibc library so that the vulnerability is patched:
If you're using another Linux distribution, start by looking at the references linked on this page; if you're in any doubt, please contact your vendor directly for advice:
What are MarkLogic doing about this?
We are well aware of the issue and advise that all customers always keep their systems up-to-date in order to guard against this and other similar vulnerabilities.
The performance of MarkLogic will not be impacted by the patched glibc library, so updating as per the instructions provided by your vendor is recommended.
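Installing the updated package is only part of the job: processes started before the update keep the old library mapped until they are restarted. The script below is an added example (not MarkLogic's or any vendor's code) that checks the glibc package changelog for the CVE and lists processes still using the replaced library; the function names are illustrative, and the RPM and Debian changelog locations are assumed defaults.

```shell
#!/bin/sh
# Added example (not MarkLogic or vendor code): confirm the GHOST fix on a host.
CVE_ID="CVE-2015-0235"

# stdin: package changelog text. Succeeds if the changelog records the fix.
changelog_has_fix() {
    grep -q -- "$CVE_ID"
}

# stdin: contents of /proc/<pid>/maps. Succeeds if the process still maps a
# libc file that has since been replaced on disk (the kernel tags the old
# mapping "(deleted)"), meaning it runs the pre-update code until restarted.
maps_has_stale_libc() {
    grep -E -q '/libc[-.][^ ]* \(deleted\)'
}

# 0 = fix recorded, 1 = no record, 2 = changelog not found.
# "No record" is not proof of exposure: glibc 2.18 and later include the
# upstream fix, so their changelogs may never mention the CVE.
package_has_fix() {
    if command -v rpm >/dev/null 2>&1 && rpm -q glibc >/dev/null 2>&1; then
        rpm -q --changelog glibc | changelog_has_fix
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        gzip -dc /usr/share/doc/libc6/changelog.Debian.gz | changelog_has_fix
    else
        return 2
    fi
}

# Print PIDs that need a restart to pick up the patched library.
stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libc 2>/dev/null < "$maps"; then
            pid=${maps#/proc/}
            echo "${pid%/maps}"
        fi
    done
}

if [ "${1:-}" = "--check" ]; then
    package_has_fix && echo "glibc changelog records $CVE_ID" \
        || echo "no changelog record of $CVE_ID (or changelog not found)"
    echo "processes still mapping the old libc: $(stale_pids | tr '\n' ' ')"
fi
```

Run it as root with `--check` so that every process's maps file is readable; a full reboot clears the stale list in one step.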
In addition, we are adding a further layer of security to the product to shield unpatched systems from this vulnerability. This patch is available immediately for any users who have already upgraded to MarkLogic 8. We have also already patched MarkLogic 6 and 7, and the next available releases (6.0-6 and 7.0-5 at the time of writing) will guard against this vulnerability.
For patched releases of the product, if anyone attempts to exploit the vulnerability, the server will terminate the query and throw an exception.
If you run MarkLogic 8 on an unpatched system, you will see the following message when you start MarkLogic on the host:
MarkLogic 8 is available for download at: