The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. The vulnerability, nicknamed “GHOST” can be exploited to allow a remote attacker to take control of an affected system fter merely sending a malicious email. Linux distributions employing glibc-2.18 and later are not affected.
The Linux GHOST bug is considered extremely critical because attackers canexecute malicious code on servers used to deliver e-mail, host webpages, and other applications. It was originally identified last may, was not originaly deemed a security risk.
Red Hat, Debian, Ubuntu and Novell have issued fixes. It is advised administrators should patch as soon as possible.
GHOST affects the vast majority of stable Linux servers on the Internet,
Users and administrators should refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu (link is external), Red Hat (link is external), and Debian. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.