Security Issue Glibc: CVE-2015-0235 -> PATCHED! | HostStage

30 Jan

Hello,

48 hours ago, a new security vulnerability was discovered affecting most Linux distributions running the GNU C Library.
It is reported to be very easy to exploit. The details of the security threat are quoted below:

“A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application.”

At HostStage, we took action immediately across our entire infrastructure and patched all our servers (Shared Web Hosting, managed and unmanaged CentOS Linux VPS, Reseller Web Hosting, and all structural servers).
We have also contacted all Debian / Ubuntu based users with the steps to patch their servers; since the patch requires a restart, we could not take the liberty of applying it ourselves.

You can find the steps below to patch your servers:

CentOS:

You can test whether you are vulnerable by typing the command below:

rpm -q --changelog glibc | grep CVE-2015-0235

If it returns nothing, you must update glibc with the following command:

yum update glibc -y

Otherwise, it returns the line below:

- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).

Debian / Ubuntu:

You can test whether your OS is impacted by compiling and running the following C program:

/* ghosttest.c:  GHOST vulnerability tester */
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
 
#define CANARY "in_the_coal_mine"
 
struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };
 
int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;
 
  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  memset(name, '0', len);
  name[len] = '\0';  /* terminate the all-digits hostname */
 
  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
 
  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}


Then compile it and run it as shown below:

gcc ghosttest.c -o ghosttest
./ghosttest

The program prints one of the following two values: vulnerable or not vulnerable.

If you are vulnerable, run the following:

sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade
reboot
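
Updating the package only replaces glibc on disk; processes started before the update keep the old code mapped until they are restarted, which is why the patch needs a restart. The script below is an added example, not part of the original post (the function names are illustrative): it lists processes that still map the replaced library, for checking a server where a full reboot was not done.

```shell
#!/bin/sh
# Added example (not from the original post): after upgrading glibc, list
# processes that still map the old libc image. A replaced library shows up
# as "(deleted)" in /proc/<pid>/maps until the process is restarted.

# maps_has_stale_libc FILE
# Succeeds if FILE (in /proc/<pid>/maps format) has an executable mapping of
# libc-<version>.so or libc.so.<n> whose backing file was deleted.
maps_has_stale_libc() {
  awk '
    # $2 = permissions, $6 = path, $7 = "(deleted)" when the file is gone
    $2 ~ /x/ && $7 == "(deleted)" &&
    $6 ~ "/libc(-[0-9.]+\\.so|\\.so\\.[0-9]+)$" { found = 1 }
    END { exit !found }
  ' "$1"
}

# stale_libc_pids [PROCROOT]
# Prints "PID COMMAND" for each process under PROCROOT (default /proc) that
# still runs on the old library. Run as root to see every process.
stale_libc_pids() {
  root=${1:-/proc}
  for maps in "$root"/[0-9]*/maps; do
    [ -r "$maps" ] || continue
    if maps_has_stale_libc "$maps" 2>/dev/null; then
      dir=${maps%/maps}
      printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
    fi
  done
}

# Scan the live system only when asked to: sh stale_libc.sh --scan
case "${1:-}" in
  --scan) stale_libc_pids ;;
esac
```

Any process it prints should be restarted (or the server rebooted) before the host is considered patched.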
 
Sincerely Yours,
Vincent Royant
HostStage CEO 