1. Vulnerability Background
Researchers at the code audit company Qualys found a buffer overflow vulnerability in the __nss_hostname_digits_dots() function of the glibc library, which can be triggered either locally or remotely through the gethostbyname*() functions.
1) Calling gethostbyname() or gethostbyname2() can overflow a buffer on the heap. Calling gethostbyname_r() or gethostbyname2_r() overflows the buffer supplied by the caller (in theory, that buffer can be located in the heap, the stack, the .data section, the .bss section, and so on; however, we did not see such a situation in practice).
2) Up to sizeof(char *) bytes can be overwritten (note the size of a char * pointer: 4 bytes on 32-bit systems and 8 bytes on 64-bit systems). However, only digits ('0' ... '9'), dots ('.'), and a terminating null character ('\0') are available in the payload.
3) Despite these limitations, we can still execute arbitrary code.
Upgrading glibc from source requires careful consideration: almost every application on the system depends on the existing dynamic library, and running "make install" during the upgrade breaks the links to the old dynamic library and points them to the new library files instead. During this process, links to different versions of the old and new library files can easily crash the system, and after such a crash the system generally cannot be restarted.
2. Impact Range
The vulnerability affects Linux operating systems with glibc versions 2.2-2.17.
Operating system types include:
CentOS 6 & 7
Debian 7
Red Hat Enterprise Linux 6 & 7
Ubuntu 10.04 & 12.04
Each Linux distribution
3. Vulnerability Testing
[Email protected]_gh_ha_master ~]# ./ghost
Vulnerable
[Email protected]_uat_s2 ~]# ./ghost
Not vulnerable
4. Bug Fixes
The fix ships in the glibc package, but the library is used by many running services, and each of them has to be restarted after the update. To find all services that depend on glibc, use the following command, which lists all open files (lsof) and then picks out the processes that reference the glibc library.
lsof | grep libc | awk '{print $1}' | sort | uniq
The safest way is to restart all services found above using lsof. You can also restart the server.
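The lsof command above lists every process that uses libc, which is nearly all of them. To narrow the restart list to processes that still hold the replaced library, the following added example (not part of the original article) scans /proc/<pid>/maps for libc mappings that the kernel marks "(deleted)" after the file on disk has been replaced. The function name stale_libc_procs and its optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: list processes that still map a libc removed from disk.
# When a package update replaces libc, the old file is unlinked; the kernel
# then shows " (deleted)" after its path in /proc/<pid>/maps until the
# process is restarted and maps the new file.
# Assumption: stale_libc_procs and its argument are names chosen here.

stale_libc_procs() {
    proc_root="${1:-/proc}"    # alternate root allows offline testing
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we cannot read (not root) or that already exited.
        [ -r "$maps" ] || continue
        # Matches libc-2.12.so and libc.so.6, but not libcap or libcrypto.
        if grep -Eq '/libc(-[0-9.]+)?\.so[^ /]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            # comm may be missing on old kernels; fall back to "?".
            name=$(cat "$pid_dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done | sort -n
}

# Print "PID NAME" for every process that needs a restart.
stale_libc_procs "${1:-/proc}"
```

Run it as root after the glibc update so that the maps files of all processes are readable; an empty result means no running process still uses the old library.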
For CentOS, updating glibc online is recommended; alternatively, download the offline package and update from it. Give priority to upgrading publicly open servers.
Linux glibc Vulnerability Online update