Linux Security

The Linux Ghost Flaw: Everything You Need To Know

Justin Pot 27-02-2015

The GHOST vulnerability is a flaw in a vital part of every major Linux distro. It could, in theory, allow hackers to take control of computers without the need for a username or password.


Having said that, there are a few key points to keep in mind:

It’s odd, but modern security vulnerabilities have brand names intended to raise awareness – Heartbleed is a recent example Heartbleed – What Can You Do To Stay Safe? Read More , with its striking name and red logo. The brands help make otherwise obscure bugs into news stories, helping ensure problems are patched quickly.

GHOST brings this trend to the Linux world, thanks to an effort by Qualys. They hired a PR team to publicize their role in finding the bug, and many feel it was overhyped.

We’ll get to that. First, here’s what this bug is, what it affects, and what it can teach us about how Linux security updates happen.

What Is GHOST?

GHOST is a flaw in glibc, a library that comes with most Linux distros and is necessary to run basically all software. GHOST itself is a flaw in the “gethostbyname*()” function of glibc, which applications use to convert a web address to an IP.


This is where GHOST got its name: GetHOSTname.

The bug creates a buffer overflow, which allows would-be hackers to run code without credentials. Qualys’ proof of concept did this by sending code to an email server – other use cases might be possible.

Interestingly enough, the flaw was fixed in 2013, but wasn’t identified as a security risk at the time.

If The Bug Was Fixed Years Ago, Why Is It An Issue Now?



Basically, because no one noticed the bug was a security problem – meaning the update wasn’t pushed to many users.

Linux distros are a compilation of a wide variety of different packages. To the user this means software like Firefox, and desktop environments like Gnome, but that’s really only the tip of the iceberg. A lot of other software and libraries, including glibc, make Linux what it is behind the scenes. These projects all have their own teams, which regularly put out their own updates.

There are a lot of Linux distros out there The Best Linux Operating Distros The best Linux distros are hard to find. Unless you read our list of the best Linux operating systems for gaming, Raspberry Pi, and more. Read More , and all of them have different approaches to pushing these updates to their users. Rolling release distros, for example, are pretty much constantly updated – meaning users of distros like Arch have been secure since 2013.

Ubuntu, to use another example, sees a new version released every six months. These releases generally update all packages, which only get security updates after that. This means versions of Ubuntu released in 2014 or later were never vulnerable to GHOST, but users of Ubuntu 12.04 LTS were (at least, until a security update patched the bug).



According to Symantec, vulnerable releases included:

  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS
  • Red Hat Enterprise Linux 5
  • S.u.S.E. Linux 7.1
  • Debian Linux 6.0

Interestingly, ChromeOS developers noticed the flaw in early 2014, and patched it themselves for that reason. The Linux world seemingly didn’t notice.

Should I Be Worried?

DCF 1.0


Probably not: updates have been pushed to all major distros, and the bug itself was overhyped according to security experts. To quote Pawan Kinger at Trend Micro:

“Taken together, the risk of actual exploits targeting GHOST is relatively small compared to other vulnerabilities like Shellshock or Heartbleed.” — Pawan Kinger

And to quote Jake Edge of

“While the GHOST glibc vulnerability is serious, it also seems to be fairly hard to exploit – and has been seriously overhyped.” — Jake Edge

It was certainly a vulnerability that needed patching, but it probably didn’t need a brand name and a logo – and you shouldn’t lose much sleep over it.

What Can Users Learn From This?

If there’s a security myth that needs to die 4 Cyber Security Myths That Must Die Read More , it’s that Linux users don’t need to worry about their security. Every operating system has security flaws, and Linux (while quite safe) is no exception.

And on all systems, one of the best ways to protect yourself is to keep everything up-to-date. So, to summarize:

  • Always install security patches.
  • Ensure the version of Linux running on your personal computer, or your server, is still receiving security patches. If it’s not, upgrade to a newer release.

Do these things and you should be fine.

I want to know: have you installed updates yet? If not, get to it! Come back when you’re done, and we can talk about this and more in the comments below. Remember: just because you don’t run Windows doesn’t mean you’re completely safe 5 Security Software Myths That Can Prove Dangerous Malware is still a thing! Tens of millions of PCs remain infected worldwide. The damage ranges from unstable computers to identity theft. What makes people not take malware seriously? Let's uncover the myths. Read More !

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Stephen Green
    March 4, 2015 at 2:19 pm

    While your right, I don't think its as useful as the auther may wish it so.
    I just retired from a major company where these vulnerbilty's were taken care of long ago. As such I can't speak to the 'timelyness' of your article..

    • Justin Pot
      March 4, 2015 at 3:24 pm

      Yeah, I realize it's not timely, just thought it's worth explaining in case anyone is curious. Apparently people are.

  2. James
    March 2, 2015 at 10:50 pm

    You guys don't even list the version of glibc that this was fixed in? Really?

    • Justin Pot
      March 2, 2015 at 10:59 pm

      I'm really trying to write for an audience of users, and in my mind they don't think in terms of version numbers. I know I don't.

    • Justin Pot
      March 2, 2015 at 11:03 pm

      For the record, though, it was fixed before the 2.18 release.

  3. Devon
    February 28, 2015 at 1:26 pm

    "Interestingly, ChromeOS developers noticed the flaw in early 2014, and patched it themselves for that reason. The Linux world seemingly didn’t notice."

    -- incorrect, it was discovered in 2010 as was stated in the YouTube video....

  4. Abbas
    February 28, 2015 at 9:01 am

    MakeUseOf make the bug report useable indeed

  5. Bob
    February 28, 2015 at 4:41 am

    Thanks for this informative article!

    • Justin Pot
      February 28, 2015 at 5:11 am

      I'm glad you found it useful!