Red Hat Product Security has announced a critical vulnerability in the glibc library. It is assigned CVE-2015-0235 and is commonly called ‘GHOST’.
What is GHOST?
GHOST is a buffer-overflow bug that affects the gethostbyname() and gethostbyname2() function calls in the glibc library. A remote attacker who can make an application call either of these functions can execute arbitrary code with the permissions of the user running the application.
Impact of GHOST
The gethostbyname() function is used for DNS resolution, which is a very common operation. An attacker can exploit this vulnerability by supplying an invalid hostname argument to an application that performs a DNS resolution, triggering a buffer overflow.
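
Because the trigger is a hostname argument that reaches the resolver, an application can reject malformed names before any lookup is made. The C code below is an added example, not code from glibc or from the Red Hat announcement. The names hostname_is_valid() and resolve_checked() are hypothetical, the RFC 1123 syntax rules are an assumed validation policy, and getaddrinfo() is used in place of the obsolete gethostbyname() family.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes getaddrinfo() under strict -std=c11 */
#endif
#include <netdb.h>
#include <stdio.h>

/* Hypothetical helper (not from the page): 1 if name is a syntactically valid
 * hostname per RFC 1123: 1..253 bytes, dot-separated labels of 1..63 bytes,
 * ASCII letters, digits and '-' only, no label starting or ending with '-'. */
int hostname_is_valid(const char *name)
{
    size_t i, label_len = 0;
    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        char c = name[i];
        if (i >= 253)
            return 0;                        /* overall length limit */
        if (c == '.') {
            if (label_len == 0 || name[i - 1] == '-')
                return 0;                    /* empty label, or ends in '-' */
            label_len = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || (c == '-' && label_len > 0)) {
            if (++label_len > 63)
                return 0;                    /* label length limit */
        } else {
            return 0;                        /* byte not allowed in a hostname */
        }
    }
    return name[i - 1] != '-';               /* one trailing dot is accepted */
}

/* Hypothetical wrapper: resolve only validated names, using getaddrinfo()
 * rather than the obsolete gethostbyname() family. */
int resolve_checked(const char *name, struct addrinfo **out)
{
    struct addrinfo hints = {0};             /* ai_family 0 == AF_UNSPEC */
    if (!hostname_is_valid(name))
        return EAI_NONAME;                   /* rejected before any lookup */
    return getaddrinfo(name, NULL, &hints, out);
}

int main(void)
{
    /* Constructed sample inputs: one well-formed name, one malformed name. */
    printf("%d %d\n", hostname_is_valid("mail.example.com"),
           hostname_is_valid("bad_host!"));
    return 0;
}
```

Validation of this kind narrows what reaches the resolver; it does not replace updating glibc. On success the caller releases the result with freeaddrinfo().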