{"id":5770,"date":"2016-06-15T07:55:19","date_gmt":"2016-06-15T07:55:19","guid":{"rendered":"https:\/\/bodhost.com\/kb\/?p=5770"},"modified":"2026-02-26T14:03:11","modified_gmt":"2026-02-26T14:03:11","slug":"glibc-ghost-vulnerability","status":"publish","type":"post","link":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/","title":{"rendered":"GLIBC GHOST \u2013 How to Deal with it?"},"content":{"rendered":"

<\/strong><\/p>\r\n

A critical vulnerability in the glibc library has been announced by Red Hat Product Security, assigned as CVE-2015-0235, and is commonly called as \u2018GHOST\u2019.<\/p>\r\n\r\n\r\n\r\n

What is a GHOST?\u00a0<\/p>\r\n\r\n\r\n\r\n

A buffer-overflow bug, GHOST affects the gethostbyname()<\/span> and gethostbyname2()<\/span> function calls in the glibc library. A remote attacker can make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.<\/p>\r\n\r\n\r\n\r\n

Impact of GHOST<\/p>\r\n\r\n\r\n\r\n

The gethostbyname()<\/span>\u00a0function call is used for resolving DNS which is a very common event. This vulnerability can be exploited by an attacker by triggering a buffer overflow by offering an invalid hostname argument to an application that performs a DNS resolution.<\/p>\r\n\r\n\r\n\r\n

There\u2019s a lot of confusion about the need to reboot due to GLIBC GHOST bug. Is it really essential to restart ‘vulnerable services’ or reboot the server?<\/p>\r\n\r\n\r\n\r\n

No doubt,\u00a0 you have to restart vulnerable services, yet there is no need to restart the whole server – if you know what it is running (Note: – In shared hosting – we actually do).<\/p>\r\n\r\n\r\n\r\n

First of all – All services that use glibc don\u2019t need to restart. Only services that use gethostbyname<\/span>. That function is used to resolve the internet hostname to an IP address.<\/p>\r\n\r\n\r\n\r\n

To exploit this function, the attacker needs to be able to feed a specially crafted ‘host name’ to the service. And service needs to process it without validating it first.<\/p>\r\n\r\n\r\n\r\n

That is not a common condition. For example \/sbin\/init, while using glibc will not be exploitable at all using the such bug. So, no need to restart it.<\/p>\r\n\r\n\r\n\r\n

So, what can be potentially exploitable, and restarted:<\/p>\r\n\r\n\r\n\r\n

    \r\n
  1. Exim: only when configured to resolve the remote hostname. Restart it.<\/li>\r\n\r\n\r\n\r\n
  2. Apache – apache itself is not exploitable, but some modules might be checking remote hosts – so, why not restart it. You should also restart PHP FPM, mod_lsapi daemon if you are running it in self_starter mode.\u00a0 Restart it just in case<\/li>\r\n\r\n\r\n\r\n
  3. LiteSpeed – restart it just in case.<\/li>\r\n\r\n\r\n\r\n
  4. Nginx – it is not vulnerable, and most common configurations I have seen on shared hosts will not be vulnerable as well – but given how cheap it is to restart it — restart it.<\/li>\r\n\r\n\r\n\r\n
  5. cPanel (or your favorite brand of the control panel) – yes, worth it, including cpHulkd. They might be not vulnerable at all – but with closed-source software — you never know, and such a restart is once again – cheap.<\/li>\r\n\r\n\r\n\r\n
  6. PostgreSQL – we don’t really know, so restart it just in case.<\/li>\r\n\r\n\r\n\r\n
  7. OpenSSH — it considered safe, but if you want to be really safe — restarting OpenSSH doesn’t require any server downtime.<\/li>\r\n\r\n\r\n\r\n
  8. Postfix\/Sendmail – most likely it is safe, but same as with OpenSSH — restarting it doesn’t take much.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n

    Proftpd, pure-ftpd,vsftpd,xinetd, tcp_wrappers, Syslog, MySQL\/MariaDB –> are all considered safe – but should be easy to restart if you feel like it.<\/p>\r\n\r\n\r\n\r\n

    Why so several people confused with rebooting the server?<\/p>\r\n\r\n\r\n\r\n

    Unlike shared hosting servers — generic servers run various software — and it is really hard to predict which software is vulnerable and which is not. So, for them – the\u00a0best way to go is to reboot.<\/p>\r\n\r\n\r\n\r\n

    In shared hosting — not as important.<\/p>\r\n\r\n\r\n\r\n

    Resolution<\/p>\r\n\r\n\r\n\r\n

    In order to avoid the possibility of an exploit \u2013<\/p>\r\n\r\n\r\n\r\n

      \r\n
    1. Update the glibc and nscd packages on your system using the packages related to the following errata:
      \r\n

      Red Hat Enterprise Linux Server 5: RHSA-2015:0090<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server (v. 6): RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server (v. 7): RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Desktop 5: RHSA-2015:0090<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Desktop 6: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Desktop 7: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux HPC Node 6: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux HPC Node 7: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Workstation 6: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Workstation 7: RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server EUS (v. 6.6): RHSA-2015:0092<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server EUS (v. 6.5): RHSA-2015:0099<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server EUS (v. 6.4): RHSA-2015:0099<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux Server EUS (v. 5.9): RHSA-2015:0099<\/p>\r\n\r\n\r\n\r\n

      Red Hat Enterprise Linux ELS (v. 4): RHSA-2015:0101<\/p>\r\n<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n\r\n\r\n

      \u00a02. Now reboot the system or restart all affected services \u2013<\/p>\r\n\r\n\r\n\r\n

      This vulnerability affects several applications on the system, therefore, the safest and recommended way to assure every application uses the updated glibc packages is to restart the system.<\/p>\r\n\r\n\r\n\r\n

      But if you aren\u2019t able to restart the entire system after the update, run the following command to list all the running processes though you are using the old [in-built] version of glibc on your system.<\/p>\r\n\r\n\r\n\r\n

      lsof +c0 -d DEL | awk 'NR==1 || \/libc-\/ {print $2,$1,$4,$NF}' | column -t<\/pre>\r\n\r\n\r\n\r\n
      When the list gets generated, identify the public-facing services and restart them. Though might be a temporary solution, it isn\u2019t supported by Red Hat and if any problem arises, you asked to reboot the system prior to the beginning of any troubleshooting.<\/p>\r\n
      <\/strong><\/p>","protected":false},"excerpt":{"rendered":"
      A critical vulnerability in the glibc library has been announced by Red Hat Product Security, assigned as CVE-2015-0235, and is commonly called as \u2018GHOST\u2019. What is a GHOST?\u00a0 A buffer-overflow…<\/p>\n
      Read More<\/a><\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[664],"tags":[769,768],"class_list":["post-5770","post","type-post","status-publish","format-standard","hentry","category-web-hosting","tag-ghost-glibc-vulnerability-test","tag-glibc-ghost-exploit"],"yoast_head":"\nGLIBC GHOST \u2013 How to Deal with it?<\/title>\n<meta name=\"description\" content=\"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GLIBC GHOST \u2013 How to Deal with it?\" \/>\n<meta property=\"og:description\" content=\"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge Base - bodHOST\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-15T07:55:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-26T14:03:11+00:00\" \/>\n<meta name=\"author\" content=\"anilr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"anilr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/\"},\"author\":{\"name\":\"anilr\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/8871ea0c76482a5a482e48538ae4dbb3\"},\"headline\":\"GLIBC GHOST \u2013 How to Deal with it?\",\"datePublished\":\"2016-06-15T07:55:19+00:00\",\"dateModified\":\"2026-02-26T14:03:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/\"},\"wordCount\":804,\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"keywords\":[\"ghost glibc vulnerability test\",\"glibc ghost exploit\"],\"articleSection\":[\"Web Hosting\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/\",\"name\":\"GLIBC GHOST \u2013 How to Deal with it?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\"},\"datePublished\":\"2016-06-15T07:55:19+00:00\",\"dateModified\":\"2026-02-26T14:03:11+00:00\",\"description\":\"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/glibc-ghost-vulnerability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Web Hosting\",\"item\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/category\\\/web-hosting\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GLIBC GHOST \u2013 How to Deal with it?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"alternateName\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"contentUrl\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"width\":240,\"height\":240,\"caption\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\"},\"image\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/8871ea0c76482a5a482e48538ae4dbb3\",\"name\":\"anilr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g\",\"caption\":\"anilr\"},\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/author\\\/anilr\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GLIBC GHOST \u2013 How to Deal with it?","description":"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/","og_locale":"en_US","og_type":"article","og_title":"GLIBC GHOST \u2013 How to Deal with it?","og_description":"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.","og_url":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/","og_site_name":"Knowledge Base - bodHOST","article_published_time":"2016-06-15T07:55:19+00:00","article_modified_time":"2026-02-26T14:03:11+00:00","author":"anilr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"anilr","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/"},"author":{"name":"anilr","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/8871ea0c76482a5a482e48538ae4dbb3"},"headline":"GLIBC GHOST \u2013 How to Deal with it?","datePublished":"2016-06-15T07:55:19+00:00","dateModified":"2026-02-26T14:03:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/"},"wordCount":804,"publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"keywords":["ghost glibc vulnerability test","glibc ghost exploit"],"articleSection":["Web Hosting"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/","url":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/","name":"GLIBC GHOST \u2013 How to Deal with it?","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/#website"},"datePublished":"2016-06-15T07:55:19+00:00","dateModified":"2026-02-26T14:03:11+00:00","description":"The GLIBC GHOST vulnerability is a critical security flaw that affects Linux systems. Learn how to identify and patch it to protect your system from potential attacks.","breadcrumb":{"@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bodhost.com\/kb\/glibc-ghost-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Web Hosting","item":"https:\/\/www.bodhost.com\/kb\/category\/web-hosting\/"},{"@type":"ListItem","position":2,"name":"GLIBC GHOST \u2013 How to Deal with it?"}]},{"@type":"WebSite","@id":"https:\/\/www.bodhost.com\/kb\/#website","url":"https:\/\/www.bodhost.com\/kb\/","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","description":"","publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"alternateName":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bodhost.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.bodhost.com\/kb\/#organization","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","url":"https:\/\/www.bodhost.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","contentUrl":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","width":240,"height":240,"caption":"Web Hosting Knowledge Base | bodHOST Hosting FAQ"},"image":{"@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/8871ea0c76482a5a482e48538ae4dbb3","name":"anilr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/11307531bf21385b7c7046df25e96e38f4530ef77506385bb9d9c72798e5b284?s=96&d=mm&r=g","caption":"anilr"},"url":"https:\/\/www.bodhost.com\/kb\/author\/anilr\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/5770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/comments?post=5770"}],"version-history":[{"count":7,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/5770\/revisions"}],"predecessor-version":[{"id":12067,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/5770\/revisions\/12067"}],"wp:attachment":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/media?parent=5770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/categories?post=5770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/tags?post=5770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}