At the end of January, security firm Qualys disclosed a new vulnerability they dubbed “GHOST” (CVE 2015-0235). GHOST is a critical vulnerability in glibc, the GNU C library, and it impacts Linux systems dating back to 2000.
Redhat listed GHOST in its CVE database as ‘critical’ with a CVSS v2 score of 6.8, and the media immediately began to compare GHOST to other high-profile vulnerabilities like Heartbleed and Shellshock.
Should you be haunted by GHOST?
Listen to our latest security slice podcast and hear VERT researchers Craig Young and Lane Thames discuss exactly how the GHOST vulnerability works, why GHOST has such a checkered past and how IT and security teams should evaluate GHOST against other critical security bugs.