Understanding the ramifications of the CVE-2015-0235 glibc (GHOST) security vulnerability | MarkLogic Support

Knowledgebase

108Administration 8App Services 42Errors 144MarkLogic Server 52Performance Tuning

Knowledgebase:

Understanding the ramifications of the CVE-2015-0235 glibc (GHOST) security vulnerability 20 February 2015 10:08 AM
Introduction In early 2015, a significant security vulnerability was found in the glibc package. Glibc is an implementation of the standard C library and is a core part of all our currently supported Linux distributions. A code audit was performed by the Qualys research group and the following security advisory was made available: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt What does the GHOST vulnerability do? It is called as the GHOST vulnerability as it can be triggered by the GetHOST functions. A blog post released by Qualys describes the vulnerability as: "a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This bug can be triggered both locally and remotely via all the gethostbyname() functions. Applications have access to the DNS resolver primarily through the gethostbyname() set of functions. These functions convert a hostname into an IP address." https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability What do I need to do to guard against this? We recommend starting by briefly reading the following articles to understand the changes that have been made and if you manually patch your systems, ensure that you update your glibc library to ensure the vulnerability is patched: https://access.redhat.com/security/cve/CVE-2015-0235 https://rhn.redhat.com/errata/RHSA-2015-0099.html If you're using another Linux distribution, start by looking at the references linked on this page and if you're in any doubt, please contact your vendor directly for advice: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability What are MarkLogic doing about this? We are well aware of the issue and advise that all customers always keep their systems up-to-date in order to guard against this and other similar vulnerabilities. The performance of MarkLogic will not be impacted by the patched glibc library, so updating as per the instructions provided by your vendor is recommended. In addition, we are adding an additional layer of security into the product to shield unpatched systems from this vulnerability. This patch is available immediately for any users who have already upgraded to MarkLogic 8 and we have already patched MarkLogic 6 and 7 and the next available releases (6.0-6 and 7.0-5 at the time of writing) will work to guard against this vulnerability. For patched releases of the product, if anyone attempts to exploit the vulnerability, the server will terminate the query and throw an exception. If you run MarkLogic 8 on an unpatched system, you will see the following message when you start MarkLogic on the host: `YYYY-MM-DD HH:MM:SS.sss Warning: Guarding against detected Linux glibc GHOST vulnerability` MarkLogic 8 is available for download at: http://developer.marklogic.com/products
(0 vote(s)) Helpful Not helpful

Comments (0)