Vulnerability in the GNU C library

glibc-exploitThreat: A vulnerability in the GNU C library allows a buffer overflow attack to be performed on software compiled with glibc.
Solution: Install software updates for software compiled with glibc immediately.
URL: http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/

Basically this vulnerability can be exploited when vulnerable devices or apps make queries to attacker-controlled domain names or domain name servers or when they’re exposed to man-in-the-middle attacks. Devices that are most likely to be vulnerable are Linux based servers and internet devices. The maintainers of glibc have already released an update that patches the vulnerability. So patching for a server admin should be a simple manner of performing updates.

Where the impact of this vulnerability is less clear is various Internet of things devices that often don’t receive a software update over the life of the device. Many of those devices may remain vulnerable until they are replaced. One device that is not vulnerable is Android, as it uses a glibc substitute called Bionic.


Who is Paul Darr?

Paul Darr has lived in the Inland Empire region of California, Oregon, Colorado and currently lives in San Antonio, Texas. Paul is also an Army Veteran, who has deployed to Iraq and Afghanistan. On the political spectrum Paul is a Libertarian that advocates fiscal responsibility and social tolerance. Paul is currently employed as a Computer Support Technician and is a father of a handsome boy and beautiful daughter. In his free time Paul enjoys reading, using and modifying open source software, gaming and several other geeky pursuits.

Leave a Reply

Your email address will not be published. Required fields are marked *