Friday 19 February 2016

Glibc Vulnerability Is Difficult To Exploit, Says Google Engineers

Glibc Vulnerability Is Difficult To Exploit, Says Google Engineers

The glibc vulnerability which has been discovered by the engineers of Google. They say that exploiting it is very difficult, but there is not surety that it can not be exploited. Security experts said not to take risk and advised the companies to eliminate the remote code execution risk.

"The glibc includes the domain look-up code, that contains bug by which malicious hacker can easily implant the code within a device's memory in order to enable remote code execution attacks." said by Google engineers.

The glibc flaw is not the new one, it's just like the Heartbleed and Shellshock vulnerabilities, and it has been already exploited by attackers. Hundred of applications, services and devices could be at risk if attackers find a way to exploit this flaw, because almost all unix-based system, Linux servers etc used the glibc open-source standard C library.

The glibc flaw is having a number of capability like:- 

>> It can compromise apps.
>> It can easily gain control of systems.

According to the Patrick Carey of Black Duck, "Once the hacker get the access to the systems then he can perform many malicious tasks like to translate domain names to actual machine IP addresses, either directly or through a man-in-the-middle attack."

Carey said that "There is a race between the hackers who exploit the vulnerability and development teams."

Paul Ducklin, senior technologist at Sophos said that

"until or unless operating system distro has a patch, get it,"

The first who release a patch for glibc 2.9 flaw was Red Hat for his Linux distribution and later collaborate with google.

Core Component :

Flaw in glibc can affect almost every program of the Linux version Operating System because Linux OS contain glibc as a core component, but the best thing is that only by patching central copy, it automatically 'patch' the other application taht depends upon it.

Carey said that 

"They have to make updates and patch those applications that are available to users like (apps installed on either users desktop or mobile devices)".

IoT devices :

A lot of internet of things (IoT) devices are not affected by this because it do not use glibc instead of that it use large and more compact implementations of this core library. It is also very difficult to check your IoT devices for this flaw because it is very difficult to access the inner workings, so this things are reliant on suppliers to check out the same.

David Flower (managing director for Europe at security firm Carbon Black) said that

“Linux users have believed that there systems are safe and secure. However, the string of high-profile Linux malware – from last year’s Mumblehard, which had gone undetected for five years, to 2012’s Snakso, which gave hackers remote access to servers – has proven this belief to be false, and Google’s discovery of glibc has delivered another significant blow to this misconception, highlighting that a basic flaw has been present within the code itself,”

Flower also said that organisations hasve to patch the vulnerability in order to make there system safe and secure.

The impact of this flaw is more on routers than any other servers and endpoints. Reason behind this only the more robustness, memory protection etc.

Flower said that 

“However, protections of this nature are not implemented in integrated devices like routers due to their expensive nature, both in costs and hardware requirements. As a result, it is much easier to create the buffer overflow needed to insert malicious code to open a backdoor or disable the device altogether,”.

Impact more on routers

He believes the impact of this bug is likely to be felt more on routers than servers and endpoints, because these typically contain more robust memory protection and separation techniques to control what a CPU executes.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer