Reference Links: http://toutiao.com/i6253272495634252289/
Vulnerability Information: https://rhn.redhat.com/errata/RHSA-2016-0175.html
Here's how to do it: (Test in CentOS 6.5 environment)
#####################################################
1. View the operating system version and GLIBC version as follows
[Email protected] ~]# cat/etc/redhat-release
CentOS Release 6.5 (Final)
[Email protected] ~]# uname-r
2.6.32-431.el6.x86_64
[Email protected] ~]# uname-a
Gnu/linux
[Email protected] ~]# cat/etc/resolv.conf
; Generated By/sbin/dhclient-script
NameServer 127.0.0.1
[[email protected] ~]# ls
Anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
Cve-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
Eaccelerator-master Templates
Install.log Videos
Install.log.syslog WordPress
Master.zip wordpress-4.4.1-zh_cn.tar.gz
[Email protected] glibc2.12.166]# Rpm-qa | Grep-i glibc
Glibc-devel-2.12-1. the. el6.x86_64
Glibc-common-2.12-1.132.el6.x86_64
Glibc-2.12-1.132.el6.x86_64
Glibc-headers-2.12-1.132.el6.x86_64
#####################################################
2. Download cve-2015-7547, unzip the following files:
[Email protected] ~]# CD cve-2015-7547-master/
[[email protected] cve-2015-7547-master]# ls
cve-2015-7547-client.c cve-2015-7547-poc.py LICENSE Makefile README
#下载后 Execute Python cve-2015-7547-poc.py (This step takes about more than 10 minutes to appear)
[Email protected] cve-2015-7547-master]#python cve-2015-7547-poc.py
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:47403
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:47404
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 36
[UDP] Total Data Len Recv 36
Connected with 127.0.0.1:47405
[TCP] Total Data len Recv 76
[TCP] Request1 Len Recv 36
[TCP] Request2 Len Recv 36
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:47409
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:47410
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data len Recv 39
[UDP] Total Data len Recv 39
Connected with 127.0.0.1:47411
[TCP] Total Data Len Recv 82
[TCP] Request1 Len Recv 39
[TCP] Request2 Len Recv 39
^ctraceback (most recent):
File "cve-2015-7547-poc.py", line 176, in <module>
Tcp_thread ()
File "cve-2015-7547-poc.py", line, in Tcp_thread
conn, addr = Sock_tcp.accept ()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
Sock, addr = Self._sock.accept ()
Keyboardinterrupt
##########################################################
3. Compile GCC cve-2015-7547-client.c-o client in another Linux window
[Email protected] cve-2015-7547-master]# gcc cve-2015-7547-client.c-o client
[[email protected] cve-2015-7547-master]# ls
Client cve-2015-7547-client.c cve-2015-7547-poc.py LICENSE Makefile README
[Email protected] cve-2015-7547-master]#./client
Segmentation fault (core dumped)
[Email protected] cve-2015-7547-master]#
Execute the./client file
If the return segment error (segmentation fault) has a vulnerability
If the return Client:getaddrinfo:Name or service not known vulnerability has been fixed
###############################################################
4. Update glibc, download glibc related RPM package
[[email protected] ~]# ls
Anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
Cve-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
Eaccelerator-master Templates
glibc2.12.166 Videos
Install.log WordPress
Install.log.syslog wordpress-4.4.1-zh_cn.tar.gz
Master.zip
[Email protected] ~]# CD glibc2.12.166/
#########################################################################
############## #如下为glibc更新的rpm包 #####################
[[email protected] glibc2.12.166]# ls
glibc-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
########## #强制安装rpm包 ###############################
[email protected] glibc2.12.166]#RPM-UVH--nodeps--force glibc-*
Preparing ... ########################################### [100%]
1:glibc-common ########################################### [14%]
2:GLIBC ########################################### [29%]
3:glibc-headers ########################################### [43%]
4:glibc-devel ########################################### [57%]
5:glibc-static ########################################### [71%]
6:glibc-utils ########################################### [86%]
7:GLIBC ########################################### [100%]
###### #更新后查询glibc版本 ####################
[Email protected] glibc2.12.166]# Rpm-qa | Grep-i glibc
Glibc-static-2.12-1.166.el6_7.7.x86_64
Glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686
Glibc-2.12-1.166.el6_7.7.x86_64
Glibc-utils-2.12-1.166.el6_7.7.x86_64
Glibc-common-2.12-1.166.el6_7.7.x86_64
Glibc-devel-2.12-1.166.el6_7.7.x86_64
[Email protected] glibc2.12.166]#
Reboot restarting the server
##################################################################################
3. Use the 2nd step method to detect if there are any vulnerabilities
[[email protected] ~]# ls
Anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
Cve-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
Eaccelerator-master Templates
glibc2.12.166 Videos
Install.log WordPress
Install.log.syslog wordpress-4.4.1-zh_cn.tar.gz
Master.zip
[Email protected] ~]# CD cve-2015-7547-master/
[[email protected] cve-2015-7547-master]# ls
cve-2015-7547-client.c cve-2015-7547-poc.py LICENSE Makefile README
[Email protected] cve-2015-7547-master]# py
Pydoc Pygtk-demo python python2 python2.6
[Email protected] cve-2015-7547-master]#python cve-2015-7547-poc.py
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:34043
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:34044
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:34045
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 44
[UDP] Total Data Len Recv 44
Connected with 127.0.0.1:34046
[TCP] Total Data Len Recv 46
[TCP] Request1 Len Recv 44
[UDP] Total Data Len Recv 36
[UDP] Total Data Len Recv 36
Connected with 127.0.0.1:34047
[TCP] Total Data len Recv 76
[TCP] Request1 Len Recv 36
[TCP] Request2 Len Recv 36
^ctraceback (most recent):
File "cve-2015-7547-poc.py", line 176, in <module>
Tcp_thread ()
File "cve-2015-7547-poc.py", line, in Tcp_thread
conn, addr = Sock_tcp.accept ()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
Sock, addr = Self._sock.accept ()
Keyboardinterrupt
[Email protected] ~]# CD cve-2015-7547-master/
[[email protected] cve-2015-7547-master]# ls
cve-2015-7547-client.c cve-2015-7547-poc.py LICENSE Makefile README
[Email protected] cve-2015-7547-master]# gcc cve-2015-7547-client.c-o Client
[[email protected] cve-2015-7547-master]# ls
Client cve-2015-7547-client.c cve-2015-7547-poc.py LICENSE Makefile README
[Email protected] cve-2015-7547-master]# ./client
Client:getaddrinfo:Name or service not known
If the return Client:getaddrinfo:Name or service not known vulnerability has been fixed
Linux glibc security vulnerability cve-2015-7547 Repair and detection method