Vulnerability in the GNU C library

Threat: A vulnerability in the GNU C library allows a buffer overflow attack to be performed on software compiled with glibc.
Solution: Install software updates for software compiled with glibc immediately.
URL: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

This vulnerability can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers, or when they are exposed to man-in-the-middle attacks. The devices most likely to be vulnerable are Linux-based servers and internet devices. The maintainers of glibc have already released an update that patches the vulnerability, so patching for a server admin should be a simple matter of performing updates.
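Installing the update replaces the library on disk, but daemons that were already running keep the old copy mapped until they are restarted. The script below is an added example, not part of the original post, that lists such processes from `/proc/<pid>/maps`; the function names, the `PROC_ROOT` parameter and the sample tree are this example's own, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list processes that still map
# a libc file that was replaced on disk. The kernel appends "(deleted)" to
# such mappings in /proc/<pid>/maps.

# stale_libc_pids [PROC_ROOT] -> prints "pid name", one per line.
# PROC_ROOT is this example's own parameter; it defaults to /proc.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue   # process exited, or glob matched nothing
        # Matches libc.so.6 and libc-<version>.so, but not libcrypto, libcap, etc.
        if grep -Eq '/libc(-[0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# make_sample_proc DIR -> writes a constructed /proc-like tree for testing.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    echo sshd > "$1/101/comm"    # started before the update: stale libc
    echo '7f10a000-7f10c000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc.so.6 (deleted)' > "$1/101/maps"
    echo cron > "$1/202/comm"    # restarted after the update: current libc
    echo '7f20a000-7f20c000 r-xp 00000000 08:01 1422 /lib/x86_64-linux-gnu/libc.so.6' > "$1/202/maps"
    echo nginx > "$1/303/comm"   # a different deleted library must not match
    echo '7f30a000-7f30c000 r-xp 00000000 08:01 1533 /usr/lib/libcrypto.so.1.0.0 (deleted)' > "$1/303/maps"
}

# On a live host (run as root to see every process):
stale_libc_pids "${PROC_ROOT:-/proc}"
```

Any process it prints should be restarted, or the host rebooted, before the update is considered applied.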

The impact of this vulnerability is less clear for the various Internet of Things devices that often don’t receive a software update over the life of the device. Many of those devices may remain vulnerable until they are replaced. Android is not vulnerable, as it uses a glibc substitute called Bionic.
