Don’t Let the Ghost Vulnerability Scare You

The GHOST vulnerability sounds like a scary thing, but our engineering team took quick action when patches were first released on January 27, 2015. Those folks are the real ghost busters!

Officially, on January 27th, 2015, a vulnerability in the GNU C Library (glibc) was identified. As with all vulnerabilities, SendThisFile follows vendor instructions for patching. As of February 4th, 2015, SendThisFile had patched all servers. After our research, SendThisFile has no reason to believe that any of our servers were compromised.

So, What is GHOST?

Officially, this vulnerability is called the Remote Heap Buffer Overflow Vulnerability (CVE-2015-0235). It is called GHOST because it takes advantage of the “gethostbyname” functions. While it is similarly serious to Heartbleed and ShellShock, the probability of a GHOST issue is lower, since most major Linux distributors fixed the vulnerability in May of 2013. Also, the “gethostbyname” functions are obsolete.

No worries. The GHOST has been contained. (With very little slime.) No particle accelerators, cyclotrons, positron colliders, or proton packs will be necessary.
