Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

SEVEN THINGS YOU NEED TO KNOW ABOUT THE “GHOST” VULNERABILITY

computer security signpost

Szilard Stange, Director of Product Management, OPSWAT

Another vulnerability shocked the Linux world on 27th January. The Qualys security research team found a critical vulnerability in the Linux GNU C Library (glibc) that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials – according to Qualys reports.

What does it mean for you as an Internet user and what does it mean for Linux system administrators? Was it really a shocking event? Here’s everything you need to know.

  1. What is “GHOST”?

“GHOST” is the name of a vulnerability recently found in one of the key components of Linux systems. The component is the Linux GNU C Library that is used by all Linux programs. The vulnerability has been found in a function of this library that is used to convert Internet host names to Internet addresses.

If an attacker found vulnerable software and a way to transfer a properly crafted host name up to this function then theoretically the attacker could take over the control of the system.

  1. How widespread is it?

This vulnerability affects almost all major Linux distributions, except a few such as Ubuntu 14.04. Millions of servers on the Internet contain this vulnerability.

What does it mean? It means that the vulnerability exists on servers but there should be certain conditions met to render the server remotely attackable. According to Qualys’ report, they have found an email server software called Exim that is remotely exploitable. There is no recent and full deployment share report showing how many public Exim servers are on the Internet, however it has a measurable “market” share but according to some old reports its maximum just  few percent.

Note that to have an exploitable Exim-based email server one has to configure extra security checks for the HELO and EHLO commands of the SMTP protocol.

Fortunately Qualys found that many well-known Linux-based web, email and other server software are not affected by this vulnerability like Apache, nginx, OpenSSH, syslog-ng.

So we can say that apart from that the vulnerability could be found on many servers actually the remotely attackable share of these servers is low.

  1. How can I secure my Exim email server?

First of all deploy security fixes to all affected Linux servers as soon as possible. All major distributions have released security patches on the same day the security advisory published the vulnerability.

Keep in mind that to make security patch effective all affected software has be restarted. Many distributions do this automatically during glibc update but many of them leave this job for you.

Please make sure that your Exim server is restarted. This restart causes an SMTP service outage but normally this is only a few seconds and your email server users should not have any major issue because of this. If there was any ongoing SMTP connection – sending or receiving email – that would be aborted due to the restart and then the other side or the Exim will resend the email shortly.

In similar cases the possible impact of an unplanned outage is much lower than the possible impact of a successful attack.

  1. Could an attacker do anything else than just take control of an email server?

There is no exact answer to this question. It depends on your deployment and configuration. If you use Exim just for front-end server as a smart host then the attacker can have access to your emails. If your email system is separated, and you do not store any credentials – passwords, SSH private keys, etc. – on the affected servers, then the impact could be relatively low. But if your Exim server hosts the mailboxes and/or has another server software on it then the attacker can have access to your data and in worst case to your other systems also.

If you suspect that your server is attacked successfully, remove the server from operation immediately, plug out all network connections and execute your emergency plan. Do you have plans for such scenarios? You should…

If you do not have such an emergency plan then maybe the easiest and most secure way is to reinstall the whole system.

  1. Are my Linux servers safe now?

If you deployed security patches quickly and you have checked that your server software were not affected and/or there is no sign of any attack then you can sit back.

However we don’t have information on all software mainly we don’t know how much 3rd party software is affected. For example many email security, anti-spam software process email headers and take every Received: header line and they try to resolve host names found in these headers to check them against bad IP databases. So theoretically a specially crafted email message can contain exploit code.

Of course this is only a speculation but it points out that we can never be cautious enough because sometimes the possible consequences of vulnerability cannot be predicted.

It is better to take more attention to your servers, log files and web sites of your Linux distribution and also the web sites of vendors of any 3rd party software you use on your servers in the next few days to make sure that you do not miss anything important regarding this vulnerability.

  1. Is there anything I can do to be prepared for future vulnerabilities?

Just ask yourself: were you nervous after reading the security advisory about “GHOST”? If you just need to execute previously defined steps, such as updating your infrastructure, to make sure that your system is secure then you did a great job as you prepared. However existing processes and infrastructure can always be improved.

Take this time and think about your systems and processes:

  •  Is there a faster way to deploy security fixes?
  •  Is there any unnecessary/unused service that you can shut down to minimize attack surface?
  •  Is there any setting, functionality of any currently used software that you can switch off?
  •  Are you subscribed to security advisory alerts? Did you receive “GHOST” alerts in time?
  •  Is anybody watching security alerts 24/7 to take all necessary steps immediately when needed?
  1. What should I do as an Internet user?

You cannot do much. You are unlikely to be affected by this vulnerability. There is a very small chance that an attacker could send you a fake email or catch your email via a hacked email server or access your personal information stored on a hacked server but the probability is low enough that you should not be worried.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post