On Thursday, February 2016, Google security engineers released a blog article stating that they had found a security issue with the GNU C Library or glibc that could potentially have a wide spread reach across all devices that use Linux as their Operating System.
In the blog article Google security engineers mentioned that they have already been in talks with Red Hat and have already developed a patch for the bug which affects the getaddrinfo function in the glibc library.
Although this is a serious bug, the Google engineers have stated that although remote execution is possible, it would still require bypassing exploit mitigations such as ASLR which are designed to minimise these issues.
The vulnerability was first introduced into version 2.9 of the library which was released way back in May 2008. Worryingly its been mentioned that the bug was first reported to the team who look after the glibc library back in July 2015, however they flagged the issue as a low priority.
So what is glibc used for? Its used by the Linux Operating System to typically resolve IP address or can be used for domain look ups. For example, if a computer wanted to lookup Google.com it would find its corresponding IP Address so it can access the website.
If you are using an Android device, we’re in luck as Google opted to use another variant for resolving IP addresses, Bionic C. However, the Operating Systems that are potentially at risk are CentOS, Oracle and Amazon Linux, not to mention all sort of embedded devices which utilise these such as computers, routers, wireless access points etc.
To add more into the mix, the glibc library can also be called within a number of programming languages such as PHP and Python which are used heavily within web enabled applications. This could, in theory allow malicious users access to systems or emails, depending upon the use case.
Its now a race against time for the owners and manufacturers of Linux systems to update all their systems with this latest patch, this is by no means an easy task.
Red Hat has confirmed that their effected products include multiple versions of their RHEL server workstation and desktop systems.