Vulnerable GHOST Function Called by 41 Percent of Applications Using Standard C Library

80 percent of vulnerable applications rated as highly business-critical, according to analytics from Veracode’s cloud-based security platform


BURLINGTON, Mass. — February 5, 2015 Veracode, a leader in protecting enterprises from today’s pervasive web and mobile application threats, today released analytics from its cloud-based platform showing that of the enterprise applications it assessed that rely on the widely-used GNU C Library, 41 percent make calls to the gethostbyname functions that are vulnerable in unpatched versions of Linux.

The critical buffer overflow vulnerability, nicknamed GHOST because of its relation to the gethostbyname function, affects Linux systems going back to 2000.  Cyberattackers can potentially exploit this vulnerability (formally known as CVE-2015-0235) to remotely take control of systems, giving them the ability to delete files, install cyberespionage malware or use the systems as launching points for Distributed Denial of Service (DDoS) attacks, for example.

While the vulnerability may have been dormant since 2000, there is no way to tell if nation-states, cybercriminals or cyberhacktivists have already been exploiting it.  Many applications use the function to perform common operations such as looking up email addresses, “pinging” remote servers to check on their availability, or connecting to remote servers for software updates.

In its analysis, Veracode also found that 80 percent of potentially vulnerable applications it scanned have a business criticality rating of “High” or “Very High,” according to their business owners.  This typically means that the applications are customer-facing or access sensitive databases or back-end systems that execute financial transactions.

The analysis also found that, while the majority of potentially vulnerable applications (72 percent) were written in C or C++, a number of them were also written in modern languages including Java, .NET and PHP.  This implies that the vulnerability may be more widespread than might otherwise be expected.  Knowing exactly where these applications reside can help enterprises prioritize their patching efforts in globally-distributed environments.

“The GHOST vulnerability is another example of how our complex global software infrastructure relies on thousands of reusable components and functions that may have been written more than a decade ago,” said Chris Wysopal, Veracode co-founder, CISO and CTO. “Veracode’s automated cloud-based service is a simpler way for enterprises to continuously assess all of their applications for vulnerabilities that provide cyberattackers with access to sensitive corporate and customer data.”

Veracode is sponsoring a SANS webcast featuring Chris Wysopal on Friday, February 6 at 1pm EST.  To register for the webinar, entitled “Wrapping Up The GHOST: Lessons Learned From The Ghost Vulnerability,” please visit: