Rhino Security Labs

GHOST Vulnerability Disclosed, Millions of Computers At Risk

Introduction - What is the GHOST Vulnerability?

Researchers at Qualys, a cloud security firm, found a serious bug that could leave millions of Linux-based servers and workstations open to attack. Dubbed GHOST after the affected glibc function, gethostbyname(), and tracked as CVE-2015-0235, it has the potential to send the tech world into a tailspin as organizations scramble to audit themselves and patch. The flaw is a buffer overflow in glibc's hostname-lookup code, reachable locally and, through any network service that resolves attacker-supplied hostnames, remotely, potentially allowing attackers to run malicious code on crucial systems across the world.

Crucial ‘glibc’ Library Affected

Unfortunately for the administrators and corporations that rely on it, glibc, the GNU C library affected by this vulnerability, is one of the most common pieces of software found on Linux servers and workstations: it is the standard C library that nearly every program on the system links against, and it implements a huge variety of basic tasks for applications of every kind. In this case, the vulnerable functions, gethostbyname() and gethostbyname2(), are used to resolve hostnames to IP addresses, something every internet-connected computer does thousands of times a day.

Unlike 2014's high-profile Shellshock bug, GHOST will be difficult for organizations to stop at the firewall level, because the trigger is an ordinary-looking hostname handed to an ordinary network service. In that way it is much more like Heartbleed, which caused a panic last year when it came to light that a bug in OpenSSL, the TLS implementation used by a large share of the internet, let attackers read memory from remote servers and recover private keys and credentials.

Repair and Remediation Already Underway Globally

Organizations of every size will need to take stock of their Linux-based assets and check whether they are running vulnerable versions of glibc. Patches plugging the hole are already available, although applying them may cause short outages: every running process keeps the old copy of the library mapped in memory, so services must be restarted (or the host rebooted) after the package update for the fix to take effect. Administrators and technicians should take a careful look at every server and workstation running Linux; the bug has already been documented to affect a range of software that performs hostname lookups, with Qualys demonstrating remote exploitation against the Exim mail server.

GHOST is likely to be a very widespread vulnerability, but distributions that ship glibc 2.18 (released in August 2013) or later are not affected. The bug was introduced in glibc 2.2, released in November 2000, and went unfixed until May 2013. Although the flaw had therefore been fixed in glibc's codebase for over a year, it was never recognized as a security issue at the time, so long-term-support distributions that stay on older glibc releases (Debian 7 and Red Hat Enterprise Linux 6 and 7, among others) had not backported the fix. It went unreported as a vulnerability until Qualys disclosed it publicly in a blog post on January 27th, 2015.
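Package version numbers differ from distribution to distribution, so the most reliable way to tell whether a given host's glibc carries the fix is to probe its behaviour. The program below is an added example written for this page; it is not Rhino's code and not the test program Qualys published, though it follows the same approach. It calls gethostbyname_r() with a caller-supplied buffer that has a canary placed immediately after it, using an all-digit name whose length is chosen so that the pre-fix size calculation (which forgot one pointer's worth of space) accepts the name while the fixed calculation refuses it with ERANGE. A clobbered canary means the running glibc is vulnerable. The result codes and function names are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* makes <netdb.h> declare gethostbyname_r() */
#endif
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Result of probing the running C library for CVE-2015-0235 (names are this example's own). */
enum ghost_result {
    GHOST_NOT_VULNERABLE = 0,  /* fixed length check refused the name with ERANGE */
    GHOST_VULNERABLE = 1,      /* canary after the buffer was overwritten */
    GHOST_INCONCLUSIVE = -1    /* neither: not glibc, or an unexpected code path */
};

#define CANARY "canary-after-buffer"

/* Caller-supplied scratch buffer for gethostbyname_r(), with a canary placed
   immediately after it. A pre-fix glibc writes up to sizeof(char *) bytes
   past the end of `buffer`, which lands in `canary`. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} probe;

/*
 * Length of the all-digit hostname that makes the bug observable.
 *
 * Pre-fix glibc computed the space it needs inside the caller's buffer as
 *     16 (IPv6-sized address) + 2 pointers (address list) + strlen(name) + 1
 * and forgot the one-pointer alias list it also stores there. The fix adds
 * that sizeof(char *). Choosing strlen(name) so that the buggy total equals
 * buflen exactly means: the buggy check passes and the hostname copy runs
 * sizeof(char *) bytes past the buffer; the fixed check fails with ERANGE.
 */
static size_t ghost_probe_name_len(size_t buflen)
{
    return buflen - 16 - 2 * sizeof(char *) - 1;
}

enum ghost_result ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(probe.buffer)];
    size_t len = ghost_probe_name_len(sizeof(probe.buffer));

    /* All digits, so glibc takes the numeric-address path
       (__nss_hostname_digits_dots) where the bug lives: no DNS traffic. */
    memset(name, '0', len);
    name[len] = '\0';

    memset(probe.buffer, 0, sizeof(probe.buffer));
    memcpy(probe.canary, CANARY, sizeof(CANARY)); /* fresh canary per call */

    int retval = gethostbyname_r(name, &resbuf, probe.buffer,
                                 sizeof(probe.buffer), &result, &herrno);

    if (memcmp(probe.canary, CANARY, sizeof(CANARY)) != 0)
        return GHOST_VULNERABLE;
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("VULNERABLE: this glibc overflowed the caller's buffer");
        return 1;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable: glibc rejected the oversized name with ERANGE");
        return 0;
    default:
        puts("inconclusive: unexpected result (non-glibc C library?)");
        return 2;
    }
}
```

Compile and run it on the host itself (gcc -o ghost-probe ghost-probe.c && ./ghost-probe), because it exercises whatever libc the binary is dynamically linked against. A "not vulnerable" result only covers that shared library: statically linked binaries carry their own copy of glibc, and services that were started before the package update still have the old library mapped until they are restarted. A non-glibc C library such as musl never had this code path and returns a different error code, which the probe reports as inconclusive rather than as a pass.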

Protecting Your Business From Buffer Overflow Vulnerabilities

The GHOST vulnerability, like Heartbleed and Shellshock before it, only serves to underline the need for any business that is serious about computer security to turn to a professional. More and more businesses are finding that a core IT staff just isn't enough to protect them from the diverse range of threats they face every day.

If you’re concerned about potentially being exposed to GHOST, or just want a detailed look at your organization’s technology infrastructure and security, Rhino Security Labs can help. As a global leader in cybersecurity, Rhino has the experience, talent, and leadership to protect your crucial systems and networks. From traditional penetration testing to mobile audits and managed security solutions, Rhino Security Labs can transform any organization, regardless of size, from buggy to bulletproof.

For more information, or to schedule a consultation, contact Rhino Security Labs online at info@RhinoSecurityLabs.com or over the phone at (888) 944-8679.