Linux glibc Vulnerability Background
A buffer overflow vulnerability, numbered CVE-2015-0235, has been disclosed in the gethostbyname function of the GNU glibc standard library on Linux. Attackers can achieve remote code execution through the gethostbyname family of functions and gain control of the server and shell access. The vulnerability can be triggered in many ways and its impact is wide, so it deserves attention and a timely temporary fix.
Vulnerability Release date
January 27, 2015
Software and systems confirmed to be successfully exploitable
glibc 2.2 to 2.17 (including versions 2.2 and 2.17)
Vulnerability description
A buffer overflow vulnerability has been disclosed in the gethostbyname function of the GNU glibc standard library; its vulnerability number is CVE-2015-0235. glibc is the C library that provides system calls and basic functions such as open, malloc, and printf. Every dynamically linked program uses glibc. Remote attackers can exploit this vulnerability to execute arbitrary code and elevate privileges to those of the user running the application.
Vulnerability Detection method
Save the following code as ghost.c:
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "In_the_coal_mine"

/* The canary sits directly after the buffer passed to gethostbyname_r(),
   so an overflow of the buffer overwrites it. */
struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
    struct hostent resbuf;
    struct hostent *result;
    int herrno;
    int retval;

    /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char) - 2 * sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    /* Build an all-digit host name of exactly the length that triggers the bug. */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

    /* A changed canary means the library wrote past the end of the buffer. */
    if (strcmp(temp.canary, CANARY) != 0) {
        puts("vulnerable");
        exit(EXIT_SUCCESS);
    }
    /* A fixed library reports that the buffer is too small. */
    if (retval == ERANGE) {
        puts("not vulnerable");
        exit(EXIT_SUCCESS);
    }
    puts("should not happen");
    exit(EXIT_FAILURE);
}
Compile it with: gcc ghost.c -o ghost
$ ./ghost
vulnerable
Indicates that the vulnerability is present and needs to be fixed.
$ ./ghost
not vulnerable
Indicates that the fix succeeded.
Recommended Patching Scenarios
Special note: glibc is part of the basic Linux system infrastructure. To avoid any impact of patching on your server, choose an appropriate time for the fix and be sure to take a snapshot backup before you start, so that you can quickly roll back to the snapshot if something goes wrong.
CentOS 5/6/7:
yum update glibc
Ubuntu 12/14
apt-get update
apt-get install libc6
Debian 6
wget -O /etc/apt/sources.list.d/debian6-lts.list http://mirrors.aliyun.com/repo/debian6-lts.list
apt-get update
apt-get install libc6
Debian 7
apt-get update
apt-get install libc6
openSUSE 13
zypper refresh
zypper update glibc*
Aliyun Linux 5u7
wget -O /etc/yum.repos.d/aliyun-5.repo http://mirrors.aliyun.com/repo/aliyun-5.repo
yum update glibc
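
Added example, not part of the original advisory: the package update replaces glibc on disk, but processes started before the update keep the old library mapped until they are restarted. The script below lists such processes by looking for libc mappings marked "(deleted)" in /proc/<pid>/maps; the function names and the --scan switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original advisory.
# Assumption: a libc mapping whose path ends in " (deleted)" means the
# process still runs the library file that the update replaced.

# Succeeds if the maps file in $1 contains a replaced (deleted) libc mapping.
# Matches libc-2.12.so and libc.so.6 style names, not e.g. libc-client.so.
is_stale_libc_maps() {
    grep -Eq '/libc(-[0-9.]+\.so|\.so\.[0-9]+)[^ /]* \(deleted\)$' "$1" 2>/dev/null
}

# Prints "PID<TAB>command line" for each process under $1 (default /proc)
# that still maps the old libc. Run as root to see every process.
list_stale_libc_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if is_stale_libc_maps "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$proc_root/$pid/cmdline" 2>/dev/null | tr '\0' ' ' | cut -c1-60)
            printf '%s\t%s\n' "$pid" "${name:-[unknown]}"
        fi
    done
}

# Hypothetical switch for this example: scan the live system only on request.
if [ "${1:-}" = "--scan" ]; then
    list_stale_libc_pids
fi
```

Restart the listed services (or reboot the server) and rerun the scan until it prints nothing.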