A very serious security problem has been found and patched in the GNU C Library called Glibc. It was announced on 27th January 2015.<\/p>\n
Here are the affected Linux distros:<\/p>\n
Read More to Fix the GHOST vulnerability on a CentOS\/RHEL\/Fedora\/Ubuntu Linux<\/strong> What is it?<\/strong><\/p>\n A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function call.<\/p>\n How can it hurt me?<\/strong><\/p>\n A remote attacker could use this flaw to execute arbitary code with the permissions of the user running the application.<\/p>\n How to Check if I am vulnerable?<\/strong><\/p>\n Check the version for the C library (Glibc).<\/p>\n Note that, at least on CentOS 6 and likely on RHEL6, the ldd \u2013version command will still return 2.12 even after the update. One can check the rpm package version to see if the system was updated (see the full package list at https:\/\/rhn.redhat.com\/errata\/RHSA-2015-0092.html<\/a>). The 2.12 library was patched, not replaced by a newer version. For example:<\/p>\n RHEL\/CentOS Linux v6.6:<\/p>\n Test C Program<\/strong><\/p>\n Compile it:<\/p>\n Test it:<\/p>\n Sample outputs:<\/p>\n GHOST-test.sh Vulnerability Test Bash Script<\/strong><\/p>\n Get the script<\/p>\n Run it<\/p>\n Output:<\/p>\n How to Fix it<\/strong><\/p>\n CentOS\/RHEL\/Fedora\/<\/strong><\/p>\n Type the following yum command as the root user:<\/p>\n Finally, reboot<\/p>\n Ubuntu Linux<\/strong><\/p>\n Type the following apt-get command as the root user:<\/p>\n Finally, reboot Ubuntu Linux server by typing the following command:<\/p>\n ** Reboot is necessary because currently running processes loaded on the old libs, and are vulnerable even after the glibc update. The reboot will force them to read the new libs.<\/p>\n If, after patching, you\u2019re able to manually restart services listed with the following command a reboot shouldn’t be necessary:<\/p>\n Sources:<\/p>\n http:\/\/www.cyberciti.biz\/faq\/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux\/<\/a> A very serious security problem has been found and patched in the GNU C Library called Glibc. It was announced on 27th January 2015. Here are the affected Linux distros: RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x CentOS Linux version 5.x, 6.x & 7.x Ubuntu Linux version 10.04, 12.04 LTS Debian Linux … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,11,12,82,102,117],"tags":[],"class_list":["post-1707","post","type-post","status-publish","format-standard","hentry","category-administration","category-centos6","category-centos-7","category-patches","category-security","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1707"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1707\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n<\/p>\n# ldd --version\n\n<\/pre>\n
# rpm -q glibc\nglibc-2.12-1.149.el6_6.5.i686<\/pre>\n
[root@cloud1 ~]# ldd --version\nldd (GNU libc) 2.12\nCopyright (C) 2010 Free Software Foundation, Inc.\nThis is free software; see the source for copying conditions. There is NO\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\nWritten by Roland McGrath and Ulrich Drepper.\n\n<\/pre>\n
# wget https:\/\/qbytes.cloud\/files\/GHOST.c\n\n<\/pre>\n
# gcc -o GHOST GHOST.c\n\n<\/pre>\n
# .\/GHOST\n\n<\/pre>\n
# .\/GHOST\nvulnerable\n\n<\/pre>\n
# wget https:\/\/qbytes.cloud\/files\/GHOST-test.sh\n\n<\/pre>\n
# bash GHOST-test.sh\n\n<\/pre>\n
]# .\/GHOST-test.sh\nInstalled glibc version(s)\n- glibc-2.12-1.132.el6.x86_64: vulnerable\n\nThis system is vulnerable to CVE-2015-0235. <https:\/\/access.redhat.com\/security\/cve\/CVE-2015-0235>\nPlease refer to <https:\/\/access.redhat.com\/articles\/1332213> for remediation steps\n\n<\/pre>\n
# yum clean all\n# yum update\n<\/pre>\n
# sudo reboot\n<\/pre>\n
# sudo apt-get clean\n# sudo apt-get update\n# sudo apt-get upgrade\n## only run dist-upgrade on a Ubuntu if you want to upgrade kernel too\n##sudo apt-get dist-upgrade\n\n<\/pre>\n
\n\n# sudo reboot\n\n<\/pre>\n
# lsof | grep libc | awk '{print $1}' | sort | uniq\n\n<\/pre>\n
\nhttp:\/\/www.cyberciti.biz\/faq\/cve-2015-0235-ghost-glibc-buffer-overflow-linux-test-program\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"