It has been estimated that hundreds of thousands devices including the apps using free software are vulnerable to such attacks. Also, all versions of GLIBC starting from v2.9 are believed to be vulnerable. The vulnerabilities and other bugs have been made available and server administrators are recommended to update their system at the earliest.
Google and Red Hat Researchers on Tuesday claimed that they have separately discovered the vulnerability in the GNU C Library, a set of open source codes which is used by many apps, hardware plus IOT Devices.
The Bug was first found in 2008 and it lies in a function called getaddrinfo(), which is designed in such a way to let users to give users domain name look-ups.
The vulnerability can be manipulated when the app or the device which is vulnerable requires translation of a Web Address into numerical IP address from a compromised domain name or server. Also, this big permits the attacker to control and manipulate data which is passing between a compromised app or device to the Web. Also, it allow the attacker to do some remote code execution.
Security researcher Kenn White tweeted on Twitter “No, seriously, patch glibc today. This is bad”.
Post A Comment:
0 comments:
Post a Comment