FollowWhat is glibc ?
Gnu library C or glibc is an implementation of standard c library and its a core member of linux OS .
What is GHOST Vulnerability ?
The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials.And this bug is reported as CVE-2015-0235. Redhat and CentOS already ready with the fix and you can update your boxes to get the patched version.
Why it is called as GHOST ?
It is called as the GHOST vulnerability as it can be triggered by the GetHOST functions. ( gethostbyname*() set of functions )
Are you safe ?
As per redhat and qualys , most of the systems are vulnerable except those running with glibc-2.17 and glibc-2.18
How to confirm whether you are safe or not ?
qualys.com provided a vulnerability scanning script to check this
~]# rpm -qa | grep glibc
glibc-2.12-1.107.el6_4.2.x86_64
~]# rpm -qa | grep release
centos-release-6-4.el6.centos.10.x86_64
~]# /usr/bin/gcc ghost.c -o ghost
~]# ./ghost
vulnerable
After updating to patched version of glibc
~]# yum upgrade glibc
~]# rpm -qa | grep glibc
glibc-2.12-1.149.el6_6.5.x86_64
~]# ./ghost
not vulnerable
~]# cat ghost.c
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };
int main(void) {
struct hostent resbuf;
struct hostent *result;
int herrno;
int retval;
/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
char name[sizeof(temp.buffer)];
memset(name, '0', len);
name[len] = '\0';
retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
if (strcmp(temp.canary, CANARY) != 0) {
puts("vulnerable");
exit(EXIT_SUCCESS);
}
if (retval == ERANGE) {
puts("not vulnerable");
exit(EXIT_SUCCESS);
}
puts("should not happen");
exit(EXIT_FAILURE);
}
References :-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
http://www.openwall.com/lists/oss-security/2015/01/27/9
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
Recent Comments