A method to fix serious security vulnerabilities in Linux system glibc libraries

Linux glibc Vulnerability Background

The gethostbyname function of the Linux GNU glibc Standard library has burst a buffer overflow vulnerability with a vulnerability number of cve-2015-0235. Hackers can implement remote code execution through gethostbyname series functions, gain control of the server and Shell permissions, this vulnerability triggers many ways, the impact of a large range, so we need attention and timely temporary repair

Vulnerability Release date

January 27, 2015

Software and systems that have been identified for successful use

GLIBC 2.2 to 2.17 (contains 2.2 and 2.17 versions)

Vulnerability description

The GNU glibc standard Library's gethostbyname function bursts a buffer overflow vulnerability number: cve-2015-0235. GLIBC is a C library that provides system calls and basic functions, such as open, malloc, printf, and so on. GLIBC is used for all dynamically connected programs. Remote attackers can exploit this vulnerability to execute arbitrary code and elevate the permissions of the user running the application.
Vulnerability Detection method

Save the following code contents as Ghost.c

#include
#include
#include
#include
#include
#define CANARY "In_the_coal_mine"
struct {
Char buffer[1024];
Char canary[sizeof (Canary)];
temp = {"Buffer", CANARY};
int main (void) {
struct Hostent resbuf;
struct Hostent *result;
int Herrno;
int retval;
/*** strlen (name) = Size_needed-sizeof (*host_addr)-sizeof (*H_ADDR_PTRS)-1; ***/
size_t len = sizeof (Temp.buffer) -16*sizeof (unsigned char)-2*sizeof (char *)-1;
Char name[sizeof (temp.buffer)];
memset (name, ' 0 ', Len);
Name[len] = ' the ';
retval = Gethostbyname_r (name,&resbuf, Temp.buffer, sizeof (Temp.buffer), &result, &herrno);
if (strcmp (Temp.canary, Canary)!=0) {
Puts ("vulnerable");
Exit (exit_success);
}
if (retval = = Erange) {
Puts ("notvulnerable");
Exit (exit_success);
}
Puts ("should nothappen");
Exit (Exit_failure);
}

Perform GCC ghost.c-o GHOST

$./ghost
Vulnerable

Indicates that there is a vulnerability that needs to be repaired.

$./ghost
Notvulnerable

Indicates a successful repair.

Recommended Patching Scenarios

Special note: Since GLIBC is part of the Linux system infrastructure, in order to avoid the impact of patching on your server, we recommend that you choose the appropriate time to repair, and be sure to back up the snapshot operation before the repair, if there is a problem, you can quickly rollback snapshot recovery.

Centos 5/6/7:

Yum Update glibc
Ubuntu 12/14
Apt-get Update
Apt-get Install Libc6
Debian 6

Wget-o/etc/apt/sources.list.d/debian6-lts.list Http://mirrors.aliyun.com/repo/debian6-lts.list
Apt-get Update
Apt-get Install Libc6
Debian 7

Apt-get Update
Apt-get Install Libc6

Opensuse 13

Zypper Refresh
Zypper Update glibc*

Aliyun Linux 5u7

Wget-o/etc/yum.repos.d/aliyun-5.repo Http://mirrors.aliyun.com/repo/aliyun-5.repo
Yum Update glibc