GLibc GHOST Vulnerability CVE-2015-0235

On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.

According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems.

Qualys developed working attacks for the EXIM mail transport agent that all cPanel & WHM systems use. Qualys also created a Metasploit module to make testing or exploitation of the vulnerability straightforward for an attacker. At present, Qualys has not released any attack code, only detailed analysis of the flaw and its impact.

To patch this, you can type:
yum clean all
yum update glibc

To verify that it has been patched, you can type the following to check for the changelog entry:
rpm -q –changelog glibc | grep CVE-2015-0235