Don’t Let the Ghost Vulnerability Scare You
The GHOST vulnerability sounds like a scary thing, but our engineering team took quick action when patches were first released on January 27, 2015. Those folks are the real ghost busters!
Officially, on January 27th, 2015, a vulnerability in the GNU C Library (glibc) was identified. As with all vulnerabilities, SendThisFile follows vendor instructions for patching. As of February 4th, 2015, SendThisFile had patched all servers. After our research, SendThisFile has no reason to believe that any of our servers were compromised.
So, What is GHOST?
Officially this vulnerability is called the Remote Heap Buffer Overflow Vulnerability (CVE-2015-0235). It is called GHOST because it takes advantage of the “gethostbyname” functions. While similarly as serious as Heartbleed and ShellShock, the probability of a GHOST issue is less, since most major Linux distributors fixed the vulnerability in May of 2013. Also, the “gethostbyname” functions are obsolete.
No worries. The GHOST has been contained. (With very little slime.) No particle accelerators, cyclotrons, positron colliders, or proton packs will be necessary.
About The Author
Rick Ralston
Rick Ralston is an advisor to SendThisFile. He has been participating in or leading executive leadership teams for more than 20 years and has been instrumental in the growth of numerous software and Internet technology ventures. Rick received his MBA from University of Nebraska. If possible, he would spend all his available time tinkering on vintage Porsche 911’s and Honda café racers.