Hello, a few days ago a buffer overflow vulnerability was discovered on Linux in the gethostbyname function of the GNU glibc standard library. It is tracked as CVE-2015-0235. Attackers can use the gethostbyname family of functions to execute code remotely and take over the server. The vulnerability has many trigger paths and a wide scope of impact, so please pay attention to it and apply a temporary fix promptly. We will update our images with the fix as soon as possible. Please take note.
1. Vulnerability release date
January 27, 2015
2. Software and systems confirmed to be successfully exploited
glibc 2.2 through 2.17 (including versions 2.2 and 2.17)
3. Description of vulnerabilities
A buffer overflow vulnerability was disclosed in the gethostbyname function of the GNU glibc standard library, tracked as CVE-2015-0235. glibc is the C library that provides system calls and basic functions such as open, malloc and printf. All dynamically linked programs use glibc. A remote attacker could exploit this vulnerability to execute arbitrary code and gain the privileges of the user running the application.
4. Vulnerability detection methods
Follow the steps below.

    #include <netdb.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <errno.h>

    #define CANARY "in_the_coal_mine"

    /* The canary sits directly after the buffer handed to gethostbyname_r,
       so a write past the end of the buffer changes it. */
    struct {
        char buffer[1024];
        char canary[sizeof(CANARY)];
    } temp = { "buffer", CANARY };

    int main(void) {
        struct hostent resbuf;
        struct hostent *result;
        int herrno;
        int retval;

        /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
        size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
        char name[sizeof(temp.buffer)];

        /* Build an all-digit host name of exactly that length. */
        memset(name, '0', len);
        name[len] = '\0';

        retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

        /* A changed canary means the library wrote past temp.buffer. */
        if (strcmp(temp.canary, CANARY) != 0) {
            puts("vulnerable");
            exit(EXIT_SUCCESS);
        }
        /* A fixed library rejects the too-small buffer with ERANGE. */
        if (retval == ERANGE) {
            puts("not vulnerable");
            exit(EXIT_SUCCESS);
        }
        puts("should not happen");
        exit(EXIT_FAILURE);
    }

Save as GHOST.c
Run gcc GHOST.c -o GHOST
$ ./GHOST
not vulnerable
This output indicates a successful repair.
5. Suggested repair plan
Special Note: Since glibc is a basic component of the Linux system, to keep the patch from affecting your server we recommend that you choose a suitable time for the repair and take a snapshot backup before you begin.
CentOS 5/6/7:
yum update glibc
Ubuntu 12/14
apt-get update
apt-get install libc6
Debian 6
wget -O /etc/apt/sources.list.d/debian6-lts.list http://mirrors.aliyun.com/repo/debian6-lts.list
apt-get update
apt-get install libc6
Debian 7
apt-get update
apt-get install libc6
openSUSE 13
zypper refresh
zypper update glibc*
Aliyun Linux 5u7
wget -O /etc/yum.repos.d/aliyun-5.repo http://mirrors.aliyun.com/repo/aliyun-5.repo
yum update glibc
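
Updating the package replaces the library on disk, but processes started before the update keep the old glibc mapped until they are restarted. The script below is an added example, not part of the original notice: it lists such processes by looking for libc mappings marked "(deleted)" in /proc/<pid>/maps. The function names and the sample path in the comments are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original notice): list processes that still
# map a glibc file which has been replaced on disk by the package update.

# maps_has_stale_libc FILE
# FILE is in /proc/<pid>/maps format. Returns 0 when it contains a libc
# mapping whose backing file was unlinked; the kernel marks such mappings
# with a trailing " (deleted)", for example (constructed line):
#   7f3c1a000000-7f3c1a18a000 r-xp 00000000 fd:01 131090 /lib64/libc-2.12.so (deleted)
maps_has_stale_libc() {
    grep -Eq '/libc[-.][^/]* \(deleted\)$' "$1" 2>/dev/null
}

# scan_stale_libc [PROC_ROOT]
# Prints "pid name" for every process under PROC_ROOT (default /proc)
# that still runs on the old libc. Unreadable or vanished entries are skipped.
scan_stale_libc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_libc "$maps"; then
            dir=${maps%/maps}
            pid=${dir##*/}
            # comm is missing on very old kernels; fall back to "?"
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
    return 0
}

# Run as root after the update so that every process's maps file is readable.
scan_stale_libc
```

Restart each listed service (or reboot the server) and run the script again; an empty result means no running process is still using the old library.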