The GHOST vulnerability is a serious security issue in the Linux glibc library that allows an attacker to remotely gain control of the operating system without any prior knowledge of the system. Its CVE number is CVE-2015-0235.
What is glibc?
glibc is the libc library published by GNU, that is, the C runtime library. glibc is the lowest-level API in a Linux system, and almost every other runtime library relies on it. In addition to encapsulating the system services provided by the Linux operating system, glibc also provides many other necessary functional services. glibc covers almost all of the standards that a UNIX system has to meet.
What is the vulnerability?
Researchers at the code audit company Qualys found a buffer overflow vulnerability in the __nss_hostname_digits_dots() function of the glibc library, which can be triggered either locally or remotely through the gethostbyname*() functions. Applications primarily use the gethostbyname*() functions to issue DNS requests that resolve a host name to an IP address.
Vulnerability Hazard
This vulnerability could result in remote code execution, which could allow an attacker to gain full control of the system.
Proof of vulnerability
In our tests, we wrote a PoC, and when we sent a well-structured email to the server, we were able to get a shell on the remote Linux server, bypassing all the protections currently on 32-bit and 64-bit systems (such as ASLR, PIE and NX).
What can we do?
Patch the operating system promptly. We (Qualys) have worked closely with Linux distribution vendors to release patches in a timely manner.
Why is it called GHOST?
Because it is triggered by the GetHost function.
Which versions and operating systems are affected?
The first affected version of the GNU C Library is glibc-2.2, released on November 10, 2000. We have identified a variety of ways to mitigate the vulnerability. We found that it was fixed on May 21, 2013 (between the glibc-2.17 and glibc-2.18 releases). Unfortunately, it was not considered a security vulnerability. As a result, many stable and long-term-support versions were left exposed, including, for example, Debian 7 (wheezy), Red Hat Enterprise Linux 5 & 6 & 7, CentOS 5 & 6 & 7, and Ubuntu 12.04.
Remediation Scenarios
Upgrade the glibc library:
RHEL/CentOS: sudo yum update glibc
Ubuntu: sudo apt-get update; sudo apt-get install libc6
Vulnerability test method:
Download:
wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
Compile:
gcc -o GHOST GHOST.c
Run:
./GHOST
If the output is:
# ./GHOST
not vulnerable
this indicates that the vulnerability has been fixed; if only the word "vulnerable" is output, the vulnerability still exists.
Testing for the vulnerability with a script
wget -O ghost-test.sh http://www.cyberciti.biz/files/scripts/GHOST-test.sh.txt
bash ghost-test.sh
# bash ghost-test.sh
Vulnerable glibc version <= 2.17-54
Vulnerable glibc version <= 2.5-122
Vulnerable glibc version <= 2.12-1.148
Detected glibc version 2.12 revision 149
Not vulnerable.
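The version comparison behind the output above, as an added example (not the cyberciti.biz script and not code from the original page): it takes an RPM-style VERSION-RELEASE string and applies the three thresholds printed above together with the upstream range from the text (first affected glibc-2.2, fixed before glibc-2.18). The function name ghost_status and the "unknown" result for packages with no threshold on this page are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the cyberciti.biz script): classify an RPM-style glibc
# VERSION-RELEASE string for GHOST (CVE-2015-0235).
# Prints "vulnerable", "not vulnerable" or "unknown".
# On RHEL/CentOS the input can come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | head -n 1
ghost_status() {
    ver=${1%%-*}                          # upstream version, e.g. 2.12
    rel=""                                # package release, e.g. 1.149.el6_6.5
    case "$1" in *-*) rel=${1#*-} ;; esac
    case "$ver" in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%.*}
    case "$major" in ""|*[!0-9]*) echo unknown; return 0 ;; esac
    case "$minor" in ""|*[!0-9]*) echo unknown; return 0 ;; esac

    # Upstream range from the text: first affected glibc-2.2, fixed before 2.18.
    if [ "$major" -ne 2 ] || [ "$minor" -lt 2 ] || [ "$minor" -ge 18 ]; then
        echo "not vulnerable"; return 0
    fi

    # Inside that range distributions backported the fix, so the package
    # release decides. These are the three thresholds printed above.
    case "$major.$minor" in
        2.17) last_bad=54 ;;
        2.5)  last_bad=122 ;;
        2.12) last_bad=148 ;;
        *)    echo unknown; return 0 ;;   # no threshold given on this page
    esac

    num=${rel%%[!0-9.]*}                  # leading digits and dots: "1.149."
    num=${num%.}                          # "1.149"
    rev=${num##*.}                        # last component: 149
    case "$rev" in ""|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$rev" -le "$last_bad" ]; then
        echo vulnerable
    else
        echo "not vulnerable"
    fi
}
```

An "unknown" result means the upstream version is inside the affected range but the package release cannot be judged from the thresholds on this page, so the distribution's own advisory has to be consulted.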