Advisory – The GHOST Security Vulnerability

A vulnerability in many Linux distributions

This vulnerability resides in the GNU C Library (glibc), and has the common vulnerability and exposures designation of CVE-2015-0235. It exposes a buffer overflow flaw via calls to gethostbyname() and similar function calls. If exploited, an attacker could execute arbitrary code with the permissions of the associated user running the application.

Although a patch issued 2 years ago would have rectified this flaw, most production versions of Linux haven’t previously incorporated the patch as a critical component. The risk can be mitigated by applying ‘current’ patches.

For more information see:
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Or search for ‘ GHOST Vulnerability ‘ or ‘ CVE-2015-0235

If you have any furhter questions, please email support@netnorth.co.uk

Regards
Netnorth Support

Core Network Maintenance

Following some recent reports of very low packet loss on some routes via Cogent, we performed extensive testing of our core infrastructure and located a potential issue with one leg of our metropolitan core ring.  (Our core ring traverses four buildings, utilising a different supplier for each leg of the ring to ensure the most resilience)

This leg of the ring was provided by VirginMedia Fibre, so we raised a query with them to look into it further.

VirginMedia attended their core site in Manchester at 3pm today to diagnose the issue.  The engineer replaced the SFP module (fibre termination module) at the VM end of the link in Manchester, and cleaned the fibre ends as a courtesy to ensure good light levels.

Further Netnorth testing shows the low packet loss has now disappeared along this link and the circuit is operating normally.  We have re-integrated the circuit back into the ring and full resilience has been restored.

 

Connectivity was uninterrupted due to our ring formation network which automatically re-routed the affected traffic via the opposite leg of the ring.  This happens almost instantly.

Level3 IP Transit Instability

This evening there have been a few periods of instability with one of our IP Transit providers (Level3).

These occurred around 5pm, 7pm and 10:30pm.

Level3 have confirmed this is due to a faulty line card which is currently being replaced.

These brief periods of instability occur while our routers re-calculate alternate paths to destinations via our other providers.  During this time, all ISPs around the world also recalculate paths to us via our alternate routes.  These can last from a few seconds to a few minutes.

We balance our connectivity across multiple providers, so these instabilities affect certain destinations but not all destinations.