Experts at Google have found a potentially dangerous bug in one of the Internet's most commonly used core building blocks, Glibc, (GNU C library) that puts thousands of apps and hardware devices at risk from potential attacks. Glibc is used as the C library in the GNU system that defines system calls and other basic functions on Linux systems.
This is starkly similar to last year's Ghost Vulnerability that affected all Linux systems dating back to 2000 where attackers could use this flaw to execute code and remotely gain control of Linux machines. This time a function known as getaddrinfo, that performs domain-name lookups, contains a buffer overflow bug that allows attackers to remotely execute malicious code.
Beware as all versions of glibc after 2.9 are vulnerable and these devices or apps make queries to attacker-controlled domain names or domain name servers. The bug then gives potential hackers the ability to monitor and manipulate data passing between a vulnerable device and the open internet.
This puts many users at risk as the common code is found across major parts of the web, including programming languages and systems used when logging in to sites or accessing email. The code can also be within many building blocks of the web most significantly programming languages such as PHP and Python.
Thankfully Google in its blog post has detailed the remedy for the bug and has given access to a patch that will help fix the vulnerability. Anyone using Linux-based software or hardware that performs domain name lookups should install this.
"Our initial investigations showed that the issue affected all the versions of glibc since 2.9. If the vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack," said the blog.
The extent of the problem is not possible to determine because it is unclear how many devices and systems make use of the glibc code. Google for instance says its Android is not vulnerable to this particular attack even though Android is based on the Linux kernel. This is probably because Android uses the Linux kernel under the hood and Google's Android developers modify the Linux kernel to fit their needs.
Google researchers who posted the alert and patch said that glibc maintainers had been alerted about the vulnerability in July 2015 itself and the bug may have been dormant for a long time. It is also possible that hackers have already been exploiting this vulnerability.