According to a blog post issued by the Google Security Team and Red Hat on Tuesday, a powerful Linux bug could affect thousands of devices, leaving users vulnerable to all sorts of cyber attacks.
The two teams have recently disclosed a Glibc vulnerability, which could pose a serious threat to a large number of devices. Glibc (GNU C Library) is one of the basic elements of all Linux-based operating systems and, as it turns out, it handles responses incorrectly while carrying out DNS resolution.
An attacker could easily exploit this vulnerability by causing Glibc to crash, and then either deny access to a service or execute arbitrary code for multiple purposes. The hackers could gain access to anything from computers and internet routers to any other device connected to them.
One important function of the GNU C Library is the domain look-up. This happens when a device tries to locate the IP address corresponding to a domain name, in order to access the website or service that it needs.
However, according to security experts, this domain look-up code contains a bug, which would allow hackers to place malicious code in a computer’s memory. From there on, they would have remote control over the computer and any other device connected to it.
According to BBC reports, many programming languages, such as PHP and Python, are at risk because of this.
Nevertheless, Google engineers say that it would be quite hard for an attacker to exploit that vulnerability, even though the specialists managed to figure out a way to make that happen.
Experts are finding it hard to determine how many systems could be threatened by this flaw, since it is not clear how many of them use the Glibc code.
What is certain, though, is that Windows and OS X are safe from such attacks, and so is Google Android, which uses a substitute library.
Nonetheless, Google specialists are urging all manufacturers to examine their systems by using the proof-of-concept attack released on February 16th. What makes the situation even more troubling is that the flaw was first reported in July 2015, but it was considered a low priority by the team that manages Glibc.
Now experts believe that this vulnerability, which is said to have existed since 2008, is similar to Shellshock, a bug found back in 2014, which posed a huge threat to a number of devices.