January 27, 2015 The gethostbyname function of the Linux GNU glibc standard library burst into a buffer overflow vulnerability, with the vulnerability number cve-2015-0235. The hacker can realize the remote code execution through the GetHostByName series function, obtains the server control and the Shell permission, this vulnerability triggers the way many, the influence scope is large, has confirmed the successful utilization software and the system: GLIBC 2.2 to 2.17 (contains 2.2 and 2.17 versions).
The gethostbyname function of the GNU GLIBC standard library bursts into a buffer overflow vulnerability, vulnerability number: cve-2015-0235. GLIBC is a C library that provides system calls and basic functions, such as open, malloc, printf, and so on. All dynamically connected programs need to use GLIBC. A remote attacker could exploit this vulnerability to execute arbitrary code and elevate the permissions of the user running the application.
Vulnerability detection MethodsFollow the instructions:
#include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include < ;errno.h> #define CANARY "In_the_coal_mine" struct {char buffer[1024]; Char canary[sizeof (Canary)]; temp = {"Buffer", CANARY}; int main (void) {struct hostent resbuf; struct Hostent *result; int Herrno; int retval; /*** strlen (name) = Size_needed-sizeof (*host_addr)-sizeof (*H_ADDR_PTRS)-1; /size_t len = sizeof (Temp.buffer) -16*sizeof (unsigned char)-2*sizeof (char *)-1; Char name[sizeof (temp.buffer)]; memset (name, ' 0 ', Len); Name[len] = ' + '; retval = Gethostbyname_r (name,&resbuf, Temp.buffer, sizeof (Temp.buffer), &result, &herrno); if (strcmp (Temp.canary, Canary)!=0) {puts ("vulnerable"); Exit (exit_success); } if (retval = = Erange) {puts ("notvulnerable"); Exit (exit_success); } puts ("should nothappen"); Exit (exit_failure);}
Save the above code content as Ghost.c and execute:
Recommended Patching ScenariosGCC ghost.c-o ghost$./ghostvulnerable //Indicates a vulnerability that needs to be repaired. $./ghostnotvulnerable//indicates a successful repair.
Special note: Since GLIBC is part of the Linux system infrastructure, in order to avoid the impact of patching on your server, it is recommended that you choose the right time to fix it, and be sure to back it up with a snapshot before the repair.
CentOS 5/6/7
Yum Update glibc
Ubuntu 12/14
Debian 6Apt-get Updateapt-get Install Libc6
Debian 7Wget-o/etc/apt/sources.list.d/debian6-lts.list Http://mirrors.aliyun.com/repo/debian6-lts.listapt-get Updateapt-get Install Libc6
OpenSUSE 13Apt-get Updateapt-get Install Libc6
Aliyun Linux 5u7Zypper refreshzypper Update glibc*
Wget-o/etc/yum.repos.d/aliyun-5.repo Http://mirrors.aliyun.com/repo/aliyun-5.repoyum Update glibc
Serious security vulnerability detection and repair scheme for Linux glibc Library
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
