Updated on July 5, 2016 by UpGuard
This week Qualys announced a vulnerability in certain versions of glibc that is now being called GHOST. The vulnerability allows remote code execution through calls to gethostbyname() and is considered critical. We won't cover what others have already said: you can read the original Qualys post here, a summary from ZDNet here, and advice on updating your OS version here. If you aren't sure what version of glibc is used on every one of your Linux machines, read on. We have created a one-click solution for validating the security of all your nodes.
Interestingly, this glibc bug was actually fixed in 2013 with version 2.18 but it wasn't seen as a security issue at the time, so we were not warned to update right away. Because of this, many machines in production today have yet to be updated, and admins may be left racking their brains wondering which version they're running or trying to recall when they last updated glibc or what version of glibc is in their current OS.
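A local form of the version question raised above, as an added example that is not UpGuard's policy or code from the original post: it compares a glibc version string against 2.18, the release cited above as containing the fix. The function names and sample strings are constructed for illustration; distributions often backport fixes without changing the upstream version number, so a pre-2.18 result means the vendor's package build still has to be checked.

```shell
#!/bin/sh
# Added example: flag glibc versions older than 2.18, the release the article
# says contains the GHOST fix. Names and sample strings are constructed.
FIXED_MAJOR=2
FIXED_MINOR=18

# Print the first "MAJOR.MINOR" found in a string such as "glibc 2.17" or
# "ldd (GNU libc) 2.12.2"; print nothing when no version is present.
parse_glibc_version() {
    printf '%s\n' "$1" |
        awk 'match($0, /[0-9]+\.[0-9]+/) { print substr($0, RSTART, RLENGTH); exit }'
}

# Return 0 when the version predates the fix release, 1 when it does not,
# 2 when the string cannot be parsed. Fields are compared as integers so
# that 2.9 sorts before 2.18 (a plain string comparison gets this wrong).
predates_fix() {
    ver=$(parse_glibc_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; then return 0; fi
    return 1
}

# Turn the result into a one-line verdict. REVIEW does not prove exposure:
# a distribution may have backported the fix into an older upstream version.
classify_glibc() {
    rc=0
    predates_fix "$1" || rc=$?
    case $rc in
        0) echo "REVIEW: $1 predates $FIXED_MAJOR.$FIXED_MINOR" ;;
        1) echo "OK: $1 is $FIXED_MAJOR.$FIXED_MINOR or later" ;;
        *) echo "UNKNOWN: no version found in '$1'" ;;
    esac
}

# Constructed samples in the formats printed by `getconf GNU_LIBC_VERSION`
# and the first line of `ldd --version`.
for sample in "glibc 2.17" "ldd (GNU libc) 2.12.2" "glibc 2.18" "glibc 2.31"; do
    classify_glibc "$sample"
done

# Check the local host when getconf reports a glibc version.
if local_ver=$(getconf GNU_LIBC_VERSION 2>/dev/null); then
    classify_glibc "$local_ver"
fi
```

For any node that reports REVIEW, compare the installed glibc package build against the distribution's advisory rather than relying on the upstream version alone.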
We've added a public policy to UpGuard to scan your nodes for vulnerable versions of glibc. Simply sign up for any free or paid version of UpGuard, add your nodes (it's agentless; there's nothing to install), and click the "Ghost Vuln Check" button. You can also use Search.
In case you're unfamiliar, UpGuard is a complete configuration monitoring platform. Practically any device that 1) has configuration data, and 2) can be logged into (meaning any *nix variant, Windows servers, network devices, cloud apps, you name it) can be accessed by UpGuard. You can then search that wealth of data to find relevant information, compare servers to each other, or see how configurations have changed across time. Companies large and small all around the world are already using UpGuard to maintain total visibility into their environments.
The Lite version of UpGuard is free of charge forever and allows you to monitor up to 5 nodes. If you're interested in unlocking more advanced features and monitoring for up to 50 nodes, enter the coupon code 1MONTHFREE for a month of our Standard offering, free of charge.
The next time something like this happens (and trust us, there will be a next time), UpGuard users will find it trivially simple to log in and scan their entire infrastructure for any offending packages needing to be patched. Proper configuration monitoring can mean the difference between discovering and patching problems in minutes, or spending an entire weekend manually trudging through every node you're responsible for.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.