The GHOST Flaw – CVE-2015-0235

Yesterday, January 27, 2015, Qualys Labs disclosed a vulnerability in the glibc library affecting almost every major Linux distribution. FormAssembly’s servers were affected as well, and we’d like to share with you the steps we took to resolve the issue.

What is ‘glibc’ / CVE-2015-0235:

glibc (the GNU C Library) is a Linux software library that underpins most software that communicates with the outside internet, as well as many other activities. CVE-2015-0235, nicknamed ‘GHOST’, is a vulnerability in which specially crafted, invalid internet addresses can bypass the usual security checks put in place to prevent compromised code from running on a web server.

Who is affected:

Besides FormAssembly, most web-based services running a Linux operating system will be performing updates to close this security gap in the next few days.

What we did to resolve the issue:

Because we keep abreast of security disclosures, we were able to perform the relevant updates within a few hours of the vulnerability being announced and fixes being provided by the appropriate vendors.
While performing these updates, FormAssembly experienced a brief outage of approximately thirty minutes on January 28th, 2015, between 02:45 and 03:15 UTC. We are sorry for this downtime, and we hope it did not cause a severe inconvenience for you or your respondents. We are taking steps to prevent this kind of outage from occurring again in the future.
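One reason a glibc update like the one described above needs a restart (or reboot) is that processes started before the update keep the old, vulnerable libc mapped until they are restarted; the kernel marks such mappings "(deleted)" in /proc/<pid>/maps. The following check is an added example, not code from the FormAssembly post; the function names `stale_libc_pids` and `make_demo_proc` and the constructed /proc-style tree are assumptions for the demo.

```shell
# Print the PIDs (one per line) of processes that still map a libc whose
# file on disk has been replaced. PROC root defaults to /proc; passing a
# directory lets the check run offline against a constructed tree.
stale_libc_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=$(basename "$(dirname "$maps")")
        # A replaced libc shows up as, e.g.:
        #   7f..-7f.. r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
        # The pattern matches libc-<ver>.so and libc.so.<n>, not libcrypto/libcap.
        if grep -q 'libc[-.][^ ]*so.* (deleted)$' "$maps"; then
            echo "$pid"
        fi
    done
}

# Builds a constructed /proc-like tree (sample data, not from a real host).
make_demo_proc() {
    root="$1"
    mkdir -p "$root/100" "$root/200" "$root/300"
    # PID 100: restarted after the update, maps the new libc.
    printf '%s\n' \
      '7f0000000000-7f00001c0000 r-xp 00000000 08:01 1 /lib/x86_64-linux-gnu/libc-2.19.so' \
      > "$root/100/maps"
    # PID 200: still running on the replaced (old) libc -> must be restarted.
    printf '%s\n' \
      '7f0000000000-7f00001c0000 r-xp 00000000 08:01 2 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)' \
      '7f0000200000-7f0000201000 r--p 00000000 08:01 3 /tmp/other.so (deleted)' \
      > "$root/200/maps"
    # PID 300: a deleted mapping that is not libc; must not be reported.
    printf '%s\n' \
      '7f0000000000-7f0000001000 r-xp 00000000 08:01 4 /tmp/plugin.so (deleted)' \
      > "$root/300/maps"
}

# Demo against the constructed tree; on a real host run `stale_libc_pids` with no argument.
demo_root=$(mktemp -d)
make_demo_proc "$demo_root"
stale_libc_pids "$demo_root"   # prints: 200
rm -rf "$demo_root"
```

On a live system the check needs root to read every process's maps; an empty result after the update means no process is still running on the old library.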

What you should do:

We have no evidence this vulnerability was used against any FormAssembly server, and due to the limited scope of the vulnerability, we do not recommend any specific actions to our users.
For more information see Ars Technica’s reporting on this vulnerability.
And, if you have any questions, please contact us here or at [email protected].
FormAssembly Infrastructure Team
