What Is GHOST Bug?
The GHOST bug is like a ghost. It's in your system, but you can't see it. But it's there, making your system vulnerable to attacks. It's a security vulnerability in the GNU C Library (Glibc) used by the Linux operating system. Security firm Qualys in January 2015 discovered it, but according to Trend Micro, the affected library was already patched by May 2013. If you thought you were safe from hackers, think again! A new vulnerability has been found in an old function of the Glibc library, which is used to resolve domain names to IP addresses. While the vulnerability was already fixed in 2013, it still affects older systems. Moreover, the said function has been superseded by a newer one without this flaw. The risk of a system being compromised by this bug is incredibly high if its network connection is unsecured. An unsecured connection is any connection that can be accessed without a login. The system is unsecured if connected to the Internet and does not require a login to access its link. Systems connected to the Internet and requiring a login to access their connection may also be at risk if they have unsecured connection ports. In most cases, ports below 1024 are unsecured, which means anyone can access them. GHOST is the name of a very clever bug—but it's also the name of an old library function that should have been retired years ago. The "gethostbyname" and "gethostbyname2" functions in the Glibc library are vulnerable to a buffer overflow, which means that if you're using those functions to resolve domain names to IP addresses, your systems could be compromised. The GHOST bug was fixed in 2013, but many systems still use the old code. Thankfully, newer methods are not affected by this flaw.
Related Terms by IT Security
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.










































