A highly critical vulnerability found in the GNU C Library (glibc) has been announced that affects most Linux distributions, leaving thousands of apps and electronic devices vulnerable to hackers that can take full control over them.
The flaw can be exploited when an affected device or app make queries to a malicious DNS server that returns too much information to a lookup request and floods the program’s memory with code. This code then compromises the vulnerable application and tries to take control over the whole system.
All versions of glibc after 2.9 are vulnerable. Therefore, any software or application that connects to the internet and uses glibc are at risk. The vulnerability could extend to nearly all the major software, including:
- All distributions of Linux
- Programming languages such as Python, PHP and Ruby on Rails
- Many others that use Linux code to lookup the numerical IP address of an internet domain
- Most Bitcoin software
Google researchers, working with security researchers at Red Hat, have released a patch to fix the problem. For more details regarding this flaw, please check out Redhat's security advisory.
