The GHOST vulnerability is a serious security issue in the Linux glibc library that allows an attacker to remotely gain control of the operating system without knowing any system credentials. Its CVE number is CVE-2015-0235.
Affected operating system versions
CentOS 6, 7
Debian 7
Red Hat Enterprise Linux 6, 7
Ubuntu 10.04, 12.04
And many other Linux distributions using glibc versions 2.2 through 2.17
What is glibc
glibc is the libc library released by GNU, that is, the C runtime library. glibc is the lowest-level API in a Linux system, and almost every other runtime library depends on it. In addition to wrapping the system services provided by the Linux operating system, glibc itself implements many other essential services. glibc covers almost all of the prevailing UNIX standards.
What is the vulnerability?
Researchers at Qualys, a code audit company, found a buffer overflow vulnerability in the __nss_hostname_digits_dots() function in the glibc library, which can be triggered locally or remotely through the gethostbyname*() functions. Applications mainly use the gethostbyname*() functions to issue DNS requests that convert a host name to an IP address.
Vulnerability Hazard
This vulnerability results in remote code execution, which can be exploited by an attacker to gain full control of the system.
Proof of vulnerability
In our tests, we wrote a PoC, and when we sent a carefully constructed email to the server, we were able to get a shell on the remote Linux server, bypassing all the current protections (such as ASLR, PIE and NX) on both 32-bit and 64-bit systems.
What can we do?
Patch the operating system promptly. We (Qualys) have worked closely with the Linux distributors, and patches will be released in a timely fashion.
Why is it called ghost?
Because it is triggered by the gethost functions.
Which versions and operating systems are affected?
The first affected version of the GNU C Library is glibc-2.2, released on November 10, 2000. We've identified a variety of ways to mitigate the vulnerability. We found that it had been fixed on May 21, 2013 (between the glibc-2.17 and glibc-2.18 releases). Unfortunately, they did not consider it a security vulnerability. This left many stable and long-term-support versions exposed, including Debian 7 (wheezy), Red Hat Enterprise Linux 5, 6 and 7, CentOS 5, 6 and 7, Ubuntu 12.04, and so on.
Repair scheme
Upgrade the glibc library:
RHEL/CentOS: sudo yum update glibc
Ubuntu: sudo apt-get update; sudo apt-get install libc6
Vulnerability test Method:
Download:
wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
Compile:
gcc -o GHOST GHOST.c
Run:
./GHOST
If the output is:
[root@localhost home]# ./GHOST
Not vulnerable
This indicates that the vulnerability is fixed. If only the word "vulnerable" is printed, the vulnerability still exists.
Script Test Vulnerability
wget -O ghost-test.sh http://www.cyberciti.biz/files/scripts/GHOST-test.sh.txt
bash ghost-test.sh
[root@localhost ~]# bash ghost-test.sh
Vulnerable glibc version <= 2.17-54
Vulnerable glibc version <= 2.5-122
Vulnerable glibc version <= 2.12-1.148
Detected glibc version 2.12 revision 149
Not vulnerable.
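The decision behind the script output above, as an added example (not the GHOST-test.sh script itself, and not Qualys code): the upstream range 2.2 through 2.17 and the three package-revision thresholds are taken from this article, and the function names are hypothetical. It shows why a glibc 2.12, which lies inside the affected upstream range, is still reported as not vulnerable once the distribution has backported the fix.

```shell
# Added example; not the GHOST-test.sh script referenced in the article.

# Highest vulnerable package revision per glibc version, copied from the
# "Vulnerable glibc version <= ..." lines of the output quoted above.
ghost_max_vulnerable_revision() {
    case $1 in
        2.17) echo 54 ;;
        2.5)  echo 122 ;;
        2.12) echo 148 ;;
        *)    return 1 ;;
    esac
}

# Prints "in-range" for upstream 2.2 through 2.17 (the article's range),
# "out-of-range" for other well-formed versions, "unknown" otherwise.
ghost_upstream_range() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    if [ "$rest" = "$1" ]; then echo unknown; return 0; fi   # no minor part
    minor=${rest%%.*}
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# ghost_verdict VERSION [REVISION]
# Prints vulnerable, not-vulnerable, test-needed or unknown.
ghost_verdict() {
    case ${2:-} in
        ''|*[!0-9]*) ;;   # no usable revision: decide on upstream version only
        *)  if max=$(ghost_max_vulnerable_revision "$1"); then
                if [ "$2" -le "$max" ]; then echo vulnerable; else echo not-vulnerable; fi
                return 0
            fi ;;
    esac
    case $(ghost_upstream_range "$1") in
        in-range)     echo test-needed ;;    # fix may be backported: run the test program
        out-of-range) echo not-vulnerable ;;
        *)            echo unknown ;;
    esac
}

ghost_verdict 2.12 149   # the "Detected glibc version 2.12 revision 149" case
ghost_verdict 2.12 148   # constructed: one revision earlier
```

A "test-needed" result means the upstream version alone cannot settle the question, so the compiled GHOST test program remains the authoritative check.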