glibc Security exploit

by Sankar H,

Guru

Yet again an exploit that could impact a massive number of Linux servers was disclosed, and dealt with. With a very large community to support and stand by *nix users, this is how it happens.

This time though, not many had to try out the work-arounds, to stay protected; As the exploit was patched up in the packages of OS(s) like RHEL and CentOS rather quickly. If you have stuck to the golden rule of updating the O/S packages regularly, well you can now relax. However for those who have still left the door open, it is high time you lock it in by updating the packages!

For more details on the exploit, refer to CVE-2010-3847. Corresponding bug in Red-Hat's bugzilla can be found here, and the released errata can be found here.

And yes, we are not discussing the exploit in any detail here! But we do thank Tavis Ormandy for his contribution.


About the Author :

Sankar works as a Senior Software Engineer in Bobcares. He joined Bobcares back in April 2006. He loves grooming/mentoring people. During his free time, he listens to music, and enjoys singing..