
Emergency: GHOST CVE-2015-0235 vulnerability and emergency repair methods

Regarding this vulnerability

Security researchers have recently disclosed a serious security vulnerability called GHOST, which can allow attackers to remotely obtain the highest control privileges of the operating system and affects a large number of Linux operating systems and distributions on the market. The CVE number of this vulnerability is CVE-2015-0235.

What is glibc

Glibc is a libc library released by GNU, also known as the C runtime library. Glibc is the lowest level API in Linux systems, and almost any other runtime library depends on glibc. Glibc not only encapsulates the system services provided by the Linux operating system, but also provides the implementation of many other necessary functional services. Glibc encompasses almost all the standards commonly used in UNIX.

Vulnerability Overview

Researchers from Qualys, a code auditing company, have discovered a buffer overflow vulnerability in the __nss_hostname_digits_dots() function of the glibc library. This bug can be triggered locally or remotely through the gethostbyname*() functions.

Applications mainly use the gethostbyname*() functions to initiate DNS requests, converting a host name into an IP address.

Scope of impact

This vulnerability affects Linux operating systems with glibc library versions 2.2-2.17.

The affected operating systems include:

CentOS 6 & 7

Debian 7

Red Hat Enterprise Linux 6 & 7

Ubuntu 10.04 & 12.04

Various Linux distributions

Vulnerability testing

1. Save the following code as a file named GHOST.c (the file name is case-sensitive).

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

/* The canary sits directly after the buffer, so a write past the end of buffer overwrites it. */
struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
    struct hostent resbuf;
    struct hostent *result;
    int herrno;
    int retval;

    /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
    size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    /* Build an all-digit host name of exactly the computed length. */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

    /* A changed canary means the library wrote past the end of temp.buffer. */
    if (strcmp(temp.canary, CANARY) != 0) {
        puts("vulnerable");
        exit(EXIT_SUCCESS);
    }

    /* A fixed library reports that the supplied buffer is too small. */
    if (retval == ERANGE) {
        puts("not vulnerable");
        exit(EXIT_SUCCESS);
    }

    puts("should not happen");
    exit(EXIT_FAILURE);
}

2. Execute the following commands to compile and run the check:

gcc GHOST.c -o GHOST

./GHOST


Repair plan

Execute the glibc upgrade command for your distribution:

RH, Fedora, CentOS systems

yum install glibc && reboot

Debian, Ubuntu systems

apt-get clean && apt-get update && apt-get upgrade

Tip: After updating, restart processes that depend on glibc.
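
The tip above can be checked on a host with the following script, an added example that is not part of the original advisory. It reports processes that still map the glibc copy replaced by the upgrade, relying on the "(deleted)" tag in /proc/<pid>/maps; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original advisory: find processes that still
# map the pre-upgrade glibc. After the package manager replaces the library,
# the old file is unlinked and /proc/<pid>/maps tags its mappings "(deleted)".

# Succeeds if FILE (in /proc/<pid>/maps format) maps a deleted libc object.
stale_libc_in_maps() {
    awk '$NF == "(deleted)" && $6 ~ /\/libc(-[0-9.]+\.so|\.so\.[0-9]+)/ { found = 1 }
         END { exit found ? 0 : 1 }' "$1" 2>/dev/null
}

# Prints "PID<TAB>command line" for each readable process with a stale libc.
# Run as root to inspect processes owned by other users; processes that
# exit during the scan or cannot be read are skipped.
list_stale_libc_processes() {
    for maps in /proc/[0-9]*/maps; do
        stale_libc_in_maps "$maps" || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        printf '%s\t%s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
    done
}

# Constructed sample maps lines (not captured from a real host), for trying
# stale_libc_in_maps without touching live processes.
sample_stale() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 1312 /usr/sbin/exampled
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 2049 /lib64/libc-2.12.so (deleted)
7f3a1c5a0000-7f3a1c5c0000 r-xp 00000000 fd:00 2051 /lib64/ld-2.12.so (deleted)
EOF
}
sample_fresh() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 1312 /usr/sbin/exampled
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 2077 /lib64/libc-2.12.so
7f3a1c200000-7f3a1c204000 r-xp 00000000 fd:00 2090 /lib64/libcap.so.2.16 (deleted)
EOF
}

list_stale_libc_processes
```

Every process listed is still running the old library code and has to be restarted; an empty result after the upgrade means no readable process is left on the replaced glibc.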
