The GHOST vulnerability affects a large number of Linux operating systems and their releases (update and fix)
Security researchers recently disclosed a critical security vulnerability named GHOST, which allows attackers to remotely obtain the highest level of control over the operating system and affects a large number of Linux operating systems and their releases on the market. Its CVE number is CVE-2015-0235.
What is glibc?
Glibc is the libc library released by GNU, that is, the C runtime library. Glibc is the lowest-level API on Linux, and almost every other runtime library depends on it. Besides wrapping the system services provided by the Linux operating system, glibc also implements many other essential services. Glibc covers almost all UNIX standards.
Vulnerability Overview
Researchers at the code audit company Qualys found a buffer overflow vulnerability in the __nss_hostname_digits_dots() function of the glibc library. The bug can be triggered locally or remotely through the gethostbyname*() functions.
Applications use the gethostbyname*() functions to make DNS requests. These functions convert a host name to an IP address.
Impact Scope
This vulnerability affects Linux operating systems with glibc library versions 2.2-2.17.
Operating system types include:
CentOS 6 & 7
Debian 7
Red Hat Enterprise Linux 6 & 7
Ubuntu 10.04 & 12.04
Linux distributions
Vulnerability Testing
1. Compile the following test code
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <gnu/libc-version.h>

#define CANARY "in_the_coal_mine"

/* The canary sits directly after the buffer handed to gethostbyname_r(). */
struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
    struct hostent resbuf;
    struct hostent *result;
    int herrno;
    int retval;

    /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
    size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    /* Build an all-digit host name of exactly len characters. */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

    /* A changed canary means the library wrote past the end of temp.buffer. */
    if (strcmp(temp.canary, CANARY) != 0) {
        puts("vulnerable");
        exit(EXIT_SUCCESS);
    }
    /* A fixed library rejects the name because the buffer is too small. */
    if (retval == ERANGE) {
        puts("not vulnerable");
        exit(EXIT_SUCCESS);
    }
    puts("should not happen");
    exit(EXIT_FAILURE);
}
2. The test program above reports whether the glibc version on the host is vulnerable.
gcc gistfile1.c -o CVE-2015-0235
./CVE-2015-0235
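Why the test program picks that exact name length, as an added example (not part of the original article, and not glibc's code): it models the size check quoted in the comment in the test code and replays the copy inside an oversized arena, so nothing is actually overrun. It assumes, following the Qualys advisory, that the vulnerable check left out a one-pointer h_alias_ptr region; the function and macro names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Region sizes: the first two come from the comment in the test program. */
#define HOST_ADDR_SZ (16 * sizeof(unsigned char)) /* *host_addr */
#define ADDR_PTRS_SZ (2 * sizeof(char *))         /* *h_addr_ptrs */
#define ALIAS_PTR_SZ (1 * sizeof(char *))         /* *h_alias_ptr (assumption, not on the page) */

/* Bytes the vulnerable length check accounted for. */
size_t size_checked(size_t n) { return HOST_ADDR_SZ + ADDR_PTRS_SZ + n + 1; }

/* Bytes the layout occupies once the name is copied in. */
size_t size_used(size_t n) { return size_checked(n) + ALIAS_PTR_SZ; }

/* Longest name that still passes the check (buflen must exceed the fixed regions). */
size_t longest_passing_name(size_t buflen) { return buflen - HOST_ADDR_SZ - ADDR_PTRS_SZ - 1; }

/* Bytes written past the end of the caller's buffer (0 if none). */
size_t overflow_bytes(size_t buflen, size_t n) {
    if (size_checked(n) > buflen) return 0;  /* name rejected with ERANGE */
    return size_used(n) > buflen ? size_used(n) - buflen : 0;
}

/* Replay the copy in an oversized arena with a canary placed at offset buflen.
   Returns 1 if the canary was overwritten, 0 if not, -1 if the arena is too small. */
int canary_clobbered(size_t buflen, size_t n) {
    static char arena[2048];
    const char canary[] = "in_the_coal_mine";
    if (buflen + sizeof(canary) > sizeof(arena) || size_used(n) > sizeof(arena)) return -1;
    memset(arena, 0, sizeof(arena));
    memcpy(arena + buflen, canary, sizeof(canary));
    if (size_checked(n) > buflen) return 0;  /* check rejects the name, nothing copied */
    char *hostname = arena + HOST_ADDR_SZ + ADDR_PTRS_SZ + ALIAS_PTR_SZ;
    memset(hostname, '0', n);                /* all-digit name, as in the test program */
    hostname[n] = '\0';
    return memcmp(arena + buflen, canary, sizeof(canary)) != 0;
}

int main(void) {
    size_t len = longest_passing_name(1024);
    printf("name length %zu: overflow %zu bytes, canary clobbered: %d\n",
           len, overflow_bytes(1024, len), canary_clobbered(1024, len));
    return 0;
}
```

The overrun in this model is at most sizeof(char *) bytes, which is why the test places its canary immediately after the 1024-byte buffer.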
Solution
Run the glibc upgrade command
Red Hat, Fedora and CentOS systems
yum install glibc && reboot
Debian and Ubuntu Systems
apt-get clean && apt-get update && apt-get upgrade