Attackers utilize buffer overflow vulnerabilities similar this 1 past times sending specific packets of information to a vulnerable system. The ready on allows the assailant to execute arbitrary code in addition to direct keep command of the victim’s vulnerable machine.
Unfortunately, the vulnerability exists inward the GNU C Library (glibc), a code library originally released inward 2000, important it has been widely distributed. Many derivative programs utilize the glibc to bear out mutual tasks. Although an update released past times Linux inward 2013 mitigated this vulnerability, most systems in addition to products direct keep non installed the patch.
What Can I Do About GHOST Vulnerability?
Like amongst whatsoever vulnerability, the best means to mitigate GHOST vulnerability is to position vulnerable systems, prioritize the remediation procedure based on property criticality, in addition to deploy patches. You should continue a electrical flow inventory of devices, operating systems, in addition to applications inward your network in addition to thence that yous tin respond the query ‘am I vulnerable?” earlier to a greater extent than or less bad thespian answers it for you.
AlienVault Unified Security Management (USM) tin likewise help. USM provides property discovery, vulnerability assessment, threat detection (IDS), behavioral monitoring in addition to SIEM inward a unmarried console, summation weekly threat tidings updates developed past times the AlienVault Labs safety enquiry team.
USM tin scan your network to position assets amongst the GHOST vulnerability, making it slowly for yous to position systems that demand to survive patched in addition to prioritize remediation.
Not exclusively tin USM position vulnerable systems, it tin likewise assist yous honor attempted exploits of the vulnerability. Within hours of the regain of the GHOST vulnerability, the AlienVault Labs squad pushed updated correlation directives to the USM platform, enabling users to honor attackers attempting to exploit it.
USM likewise checks the IP information against the Open Threat Exchange (OTX), the largest crowd-sourced threat tidings exchange. In the event below, yous tin run into details from OTX on the reputation of an IP, including whatsoever malicious activities associated amongst it.
Learn to a greater extent than nearly AlienVault USM:
